PCv5/app/routes/admin.py

from flask import request, flash, redirect, url_for, abort
from flask_login import login_required
from app.utils.priv_required import priv_required
from flask_wtf import FlaskForm
from wtforms import SubmitField
from app.models.users import Member, Group, GroupPrivilege
from app.models.privs import SpecialPrivilege
from app.forms.account import AdminUpdateAccountForm, AdminDeleteAccountForm
from app.utils.render import render
from app import app, db
import yaml
import os

@app.route('/admin', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm():
    return render('admin/index.html')

@app.route('/admin/groups', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm_groups():
    class GroupRegenerationForm(FlaskForm):
        submit = SubmitField(
            'Régénérer les groupes, privilèges, et comptes communs')

    form = GroupRegenerationForm()
    if form.validate_on_submit():
        # Clean up groups
        for g in Group.query.all():
            g.delete()

        # Create base groups
        groups = []
        with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:
            groups = yaml.load(fp.read())

        for g in groups:
            g["obj"] = Group(g["name"], g["css"], g["descr"])
            db.session.add(g["obj"])
        db.session.commit()

        for g in groups:
            for priv in g.get("privs", "").split():
                db.session.add(GroupPrivilege(g["obj"], priv))
        db.session.commit()

        # Clean up test members
        for name in "PlanèteCasio GLaDOS".split():
            m = Member.query.filter_by(name=name).first()
            if m is not None:
                m.delete()

        # Create template members

        def addgroup(member, group):
            g = Group.query.filter_by(name=group).first()
            if g is not None:
                member.groups.append(g)

        m = Member('PlanèteCasio','contact@planet-casio.com','v5-forever')
        addgroup(m, "Compte communautaire")
        db.session.add(m)

        m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
        addgroup(m, "Robot")
        db.session.add(m)
        db.session.commit()

        db.session.add(SpecialPrivilege(m, "edit-posts"))
        db.session.add(SpecialPrivilege(m, "shoutbox-ban"))

        db.session.commit()

    users  = Member.query.all()
    groups = Group.query.all()

    return render('admin/groups_privileges.html', users=users, groups=groups,
        form=form)

@app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST'])
@priv_required('edit-account')
def adm_edit_account(user_id):
    user = Member.query.filter_by(id=user_id).first_or_404()

    form = AdminUpdateAccountForm()
    if request.method == "POST":
        if form.validate_on_submit():
            if form.avatar.data:
                f = form.avatar.data
                f.save("./app/static/"+user.avatar)

            newname = form.username.data
            names = list(Member.query.filter(Member.id != user.id).values(Member.name))
            if newname in names:
                raise Exception(f'{data["name"]} is not available')
            user.update(
                name = form.username.data or None,
                email = form.email.data or None,
                password = form.password.data or None,
                birthday = form.birthday.data,
                signature = form.signature.data,
                bio = form.biography.data,
                newsletter = form.newsletter.data,
                xp = form.xp.data or None,
                innovation = form.innovation.data or None
            )
            db.session.merge(user)
            db.session.commit()
            # TODO: send an email to member saying his account has been modified
            flash('Modifications effectuées', 'ok')
        else:
            flash('Erreur lors de la modification', 'error')

    return render('admin/edit_account.html', user=user, form=form, styles=['-css/form.css'])

@app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST'])
@priv_required('delete-account')
def adm_delete_account(user_id):
    user = Member.query.filter_by(id=user_id).first_or_404()

    # Note: A user deleting their own account will be disconnected.

    # TODO: Add an overview of what will be deleted.
    # * How many posts will be turned into guest posts
    # * Option: purely delete the posts in question
    # * How many PMs will be deleted (can't unassign PMs)
    # * etc.
    del_form = AdminDeleteAccountForm()
    if request.method == "POST":
        if del_form.validate_on_submit():
            user.delete()
            flash('Compte supprimé', 'ok')
            return redirect(url_for('adm'))
        else:
            flash('Erreur lors de la suppression du compte', 'error')
            del_form.delete.data = False # Force to tick to delete the account
    return render('admin/delete_account.html', user=user, del_form=del_form)
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`from flask import request, flash, redirect, url_for, abort`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`from flask_login import login_required`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`from app.utils.priv_required import priv_required`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`from flask_wtf import FlaskForm`
			`from wtforms import SubmitField`
			`from app.models.users import Member, Group, GroupPrivilege`
			`from app.models.privs import SpecialPrivilege`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`from app.forms.account import AdminUpdateAccountForm, AdminDeleteAccountForm`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`from app.utils.render import render`
			`from app import app, db`
groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`import yaml`
			`import os`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00
			`@app.route('/admin', methods=['GET', 'POST'])`
Correction de #20 2019-02-11 14:36:33 +01:00			`@priv_required('access-admin-panel')`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`def adm():`
			`return render('admin/index.html')`

			`@app.route('/admin/groups', methods=['GET', 'POST'])`
Correction de #20 2019-02-11 14:36:33 +01:00			`@priv_required('access-admin-panel')`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`def adm_groups():`
			`class GroupRegenerationForm(FlaskForm):`
groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`submit = SubmitField(`
			`'Régénérer les groupes, privilèges, et comptes communs')`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`form = GroupRegenerationForm()`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`if form.validate_on_submit():`
			`# Clean up groups`
			`for g in Group.query.all():`
privs: add methods to properly delete users and groups 2019-02-10 18:51:53 +01:00			`g.delete()`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00
			`# Create base groups`
groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`groups = []`
			`with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:`
			`groups = yaml.load(fp.read())`

admin: more on user and group generation Also more titles and details on other pages of the administration section. 2019-02-09 21:18:12 +01:00			`for g in groups:`
groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`g["obj"] = Group(g["name"], g["css"], g["descr"])`
			`db.session.add(g["obj"])`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`db.session.commit()`

groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`for g in groups:`
			`for priv in g.get("privs", "").split():`
			`db.session.add(GroupPrivilege(g["obj"], priv))`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`db.session.commit()`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00
			`# Clean up test members`
			`for name in "PlanèteCasio GLaDOS".split():`
			`m = Member.query.filter_by(name=name).first()`
			`if m is not None:`
privs: add methods to properly delete users and groups 2019-02-10 18:51:53 +01:00			`m.delete()`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00
			`# Create template members`
admin: more on user and group generation Also more titles and details on other pages of the administration section. 2019-02-09 21:18:12 +01:00
			`def addgroup(member, group):`
			`g = Group.query.filter_by(name=group).first()`
			`if g is not None:`
			`member.groups.append(g)`

admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`m = Member('PlanèteCasio','contact@planet-casio.com','v5-forever')`
admin: more on user and group generation Also more titles and details on other pages of the administration section. 2019-02-09 21:18:12 +01:00			`addgroup(m, "Compte communautaire")`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`db.session.add(m)`

			`m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')`
admin: more on user and group generation Also more titles and details on other pages of the administration section. 2019-02-09 21:18:12 +01:00			`addgroup(m, "Robot")`
admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`db.session.add(m)`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`db.session.commit()`

admin: start a panel with a database filler 2019-02-04 16:41:29 +01:00			`db.session.add(SpecialPrivilege(m, "edit-posts"))`
			`db.session.add(SpecialPrivilege(m, "shoutbox-ban"))`

			`db.session.commit()`

			`users = Member.query.all()`
			`groups = Group.query.all()`
minor code and style edits 2019-03-30 22:37:57 +01:00
groups: move default group data to a suitable place 2019-02-16 17:12:41 +01:00			`return render('admin/groups_privileges.html', users=users, groups=groups,`
			`form=form)`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00
			`@app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST'])`
			`@priv_required('edit-account')`
			`def adm_edit_account(user_id):`
minor code and style edits 2019-03-30 22:37:57 +01:00			`user = Member.query.filter_by(id=user_id).first_or_404()`

Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`form = AdminUpdateAccountForm()`
			`if request.method == "POST":`
			`if form.validate_on_submit():`
			`if form.avatar.data:`
			`f = form.avatar.data`
			`f.save("./app/static/"+user.avatar)`
minor code and style edits 2019-03-30 22:37:57 +01:00
			`newname = form.username.data`
			`names = list(Member.query.filter(Member.id != user.id).values(Member.name))`
			`if newname in names:`
			`raise Exception(f'{data["name"]} is not available')`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`user.update(`
Modifications en vrac Dans User.valid_name, ajout de caractères non autorisés. Voir #19 pour faire quelque chose de vraiment propre et safe. Dans privs, j'ai shooté des règles en double. Répercussion sur les autres routes. Ajout du champ username dans le formulaire admin de modif d'un compte. 2019-02-11 00:15:09 +01:00			`name = form.username.data or None,`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`email = form.email.data or None,`
			`password = form.password.data or None,`
			`birthday = form.birthday.data,`
			`signature = form.signature.data,`
			`bio = form.biography.data,`
Ajouts dans le panel admin 2019-02-06 13:12:03 +01:00			`newsletter = form.newsletter.data,`
			`xp = form.xp.data or None,`
			`innovation = form.innovation.data or None`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`)`
			`db.session.merge(user)`
			`db.session.commit()`
Modification de la fonction render - Ajout d'un modificateur pour changer les feuilles de style à la volée 2019-04-17 12:25:24 +02:00			`# TODO: send an email to member saying his account has been modified`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`flash('Modifications effectuées', 'ok')`
			`else:`
			`flash('Erreur lors de la modification', 'error')`

Modification de la fonction render - Ajout d'un modificateur pour changer les feuilles de style à la volée 2019-04-17 12:25:24 +02:00			`return render('admin/edit_account.html', user=user, form=form, styles=['-css/form.css'])`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00
			`@app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST'])`
			`@priv_required('delete-account')`
			`def adm_delete_account(user_id):`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`user = Member.query.filter_by(id=user_id).first_or_404()`
admin: more on user and group generation Also more titles and details on other pages of the administration section. 2019-02-09 21:18:12 +01:00
			`# Note: A user deleting their own account will be disconnected.`

			`# TODO: Add an overview of what will be deleted.`
			`# * How many posts will be turned into guest posts`
			`# * Option: purely delete the posts in question`
			`# * How many PMs will be deleted (can't unassign PMs)`
			`# * etc.`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`del_form = AdminDeleteAccountForm()`
			`if request.method == "POST":`
			`if del_form.validate_on_submit():`
privs: add methods to properly delete users and groups 2019-02-10 18:51:53 +01:00			`user.delete()`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`flash('Compte supprimé', 'ok')`
privs: create privileges from groups and users The groups-privileges page takes care of removing privileges before deleting groups and users; this is to be moved soon to a proper group/user deletion API. 2019-02-10 15:46:53 +01:00			`return redirect(url_for('adm'))`
Ajouts dans le panel admin 2019-02-06 12:44:44 +01:00			`else:`
			`flash('Erreur lors de la suppression du compte', 'error')`
			`del_form.delete.data = False # Force to tick to delete the account`
			`return render('admin/delete_account.html', user=user, del_form=del_form)`