1 year ago · e4ed9cb4b0
--- a/app/routes/account.py
+++ b/app/routes/account.py
@@ -5,6 +5,7 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount
 from app.models.users import Member
 from app.utils.render import render


@app.route('/account', methods=['GET', 'POST'])
@login_required
 def edit_account():
@@ -13,14 +14,14 @@ def edit_account():
        if form.validate_on_submit():
            if form.avatar.data:
                f = form.avatar.data
                f.save("./app/static/"+current_user.avatar)
                f.save("./app/static/" + current_user.avatar)
            current_user.update(
                email = form.email.data or None,
                password = form.password.data or None,
                birthday = form.birthday.data,
                signature = form.signature.data,
                bio = form.biography.data,
                newsletter = form.newsletter.data
                email=form.email.data or None,
                password=form.password.data or None,
                birthday=form.birthday.data,
                signature=form.signature.data,
                bio=form.biography.data,
                newsletter=form.newsletter.data
            )
            db.session.merge(current_user)
            db.session.commit()
@@ -30,6 +31,7 @@ def edit_account():

    return render('account.html', form=form)


@app.route('/account/delete', methods=['GET', 'POST'])
@login_required
 def delete_account():
@@ -43,7 +45,7 @@ def delete_account():
            return redirect(url_for('index'))
        else:
            flash('Erreur lors de la suppression du compte', 'error')
            del_form.delete.data = False # Force to tick to delete the account
            del_form.delete.data = False  # Force to tick to delete the account
    return render('delete_account.html', del_form=del_form)


@@ -60,8 +62,9 @@ def register():
        return redirect(url_for('validation'))
    return render('register.html', title='Register', form=form)


@app.route('/register/validation/')
 def validation():
    if current_user.is_authenticated :
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    return render('validation.html')
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
@@ -1,5 +1,4 @@
 from flask import request, flash, redirect, url_for, abort
 from flask_login import login_required
 from flask import request, flash, redirect, url_for
 from app.utils.priv_required import priv_required
 from flask_wtf import FlaskForm
 from wtforms import SubmitField
@@ -11,11 +10,13 @@ from app import app, db
 import yaml
 import os


@app.route('/admin', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
 def adm():
    return render('admin/index.html')


@app.route('/admin/groups', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
 def adm_groups():
@@ -57,7 +58,7 @@ def adm_groups():
            if g is not None:
                member.groups.append(g)

        m = Member('PlanèteCasio','contact@planet-casio.com','v5-forever')
        m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
        addgroup(m, "Compte communautaire")
        db.session.add(m)

@@ -72,12 +73,13 @@ def adm_groups():

        db.session.commit()

    users  = Member.query.all()
    users = Member.query.all()
    groups = Group.query.all()

    return render('admin/groups_privileges.html', users=users, groups=groups,
        form=form)


@app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST'])
@priv_required('edit-account')
 def adm_edit_account(user_id):
@@ -88,22 +90,22 @@ def adm_edit_account(user_id):
        if form.validate_on_submit():
            if form.avatar.data:
                f = form.avatar.data
                f.save("./app/static/"+user.avatar)
                f.save("./app/static/" + user.avatar)

            newname = form.username.data
            names = list(Member.query.filter(Member.id != user.id).values(Member.name))
            if newname in names:
                raise Exception(f'{data["name"]} is not available')
                raise Exception(f'{newname} is not available')
            user.update(
                name = form.username.data or None,
                email = form.email.data or None,
                password = form.password.data or None,
                birthday = form.birthday.data,
                signature = form.signature.data,
                bio = form.biography.data,
                newsletter = form.newsletter.data,
                xp = form.xp.data or None,
                innovation = form.innovation.data or None
                name=form.username.data or None,
                email=form.email.data or None,
                password=form.password.data or None,
                birthday=form.birthday.data,
                signature=form.signature.data,
                bio=form.biography.data,
                newsletter=form.newsletter.data,
                xp=form.xp.data or None,
                innovation=form.innovation.data or None
            )
            db.session.merge(user)
            db.session.commit()
@@ -114,6 +116,7 @@ def adm_edit_account(user_id):

    return render('admin/edit_account.html', user=user, form=form)


@app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST'])
@priv_required('delete-account')
 def adm_delete_account(user_id):
@@ -134,5 +137,5 @@ def adm_delete_account(user_id):
            return redirect(url_for('adm'))
        else:
            flash('Erreur lors de la suppression du compte', 'error')
            del_form.delete.data = False # Force to tick to delete the account
            del_form.delete.data = False  # Force to tick to delete the account
    return render('admin/delete_account.html', user=user, del_form=del_form)
--- a/app/routes/index.py
+++ b/app/routes/index.py
@@ -2,14 +2,17 @@ from app import app

 from app.utils.render import render


@app.route('/')
 def index():
    return render('index.html')


@app.errorhandler(404)
 def file_not_found(e):
 	return render('errors/404.html'), 404
    return render('errors/404.html'), 404


@app.errorhandler(403)
 def unauthorized_access(e):
 	return render('errors/403.html'), 403
    return render('errors/403.html'), 403
--- a/app/routes/login.py
+++ b/app/routes/login.py
@@ -7,6 +7,7 @@ from app.utils.render import render

 # from app.routes.index import index


@app.route('/login', methods=['GET', 'POST'])
 def login():
    if current_user.is_authenticated:
@@ -28,6 +29,7 @@ def login():
        return redirect(url_for('index'))
    return render('login.html', form=form)


@app.route('/logout')
@login_required
 def logout():
@@ -40,4 +42,4 @@ def logout():
    flash('Déconnexion réussie', 'info')
    if request.referrer:
        return redirect(request.referrer)
    return redirect(url_for('index'))
    return redirect(url_for('index'))
--- a/app/routes/search.py
+++ b/app/routes/search.py
@@ -2,6 +2,7 @@ from app import app
 from app.forms.search import AdvancedSearchForm
 from app.utils.render import render


@app.route('/search')
 def search():
    form = AdvancedSearchForm()
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -1,15 +1,15 @@
 from flask import redirect, url_for, abort
 from flask_login import login_required, current_user, logout_user
 from app import app, db
 from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccountForm
 from flask import redirect, url_for
 from app import app
 from app.models.users import Member
 from app.utils.render import render


@app.route('/user/<username>')
 def user(username):
    member = Member.query.filter_by(name=username).first_or_404()
    return render('user.html', member=member)


@app.route('/user/id/<int:user_id>')
 def user_by_id(user_id):
    member = Member.query.filter_by(id=user_id).first_or_404()
--- a/app/utils/pluralize.py
+++ b/app/utils/pluralize.py
@@ -1,5 +1,6 @@
 from app import app


@app.template_filter('pluralize')
 def pluralize(count, singular="", plural="s"):
    """
--- a/app/utils/priv_required.py
+++ b/app/utils/priv_required.py
@@ -1,9 +1,10 @@
 from functools import wraps
 from flask import redirect, url_for, request, flash, abort
 from flask import request, abort
 from flask_login import current_user
 from flask_login.config import EXEMPT_METHODS
 from app import app


 def priv_required(*perms):
    """
    Requires the user to be an authenticated member with privileges [perms].
--- a/app/utils/render.py
+++ b/app/utils/render.py
@@ -2,6 +2,7 @@ from flask import render_template
 from app.forms.login import LoginForm
 from app.forms.search import SearchForm


 def render(*args, styles=[], **kwargs):
    # TODO: debugguer cette merde : au logout, ça foire
    # if current_user.is_authenticated:
@@ -12,7 +13,7 @@ def render(*args, styles=[], **kwargs):
    # Pour jouer sur les feuilles de style :
    # render('page.html', styles=['-css/form.css', '+css/admin/forms.css'])

    styles_= [
    styles_ = [
        'css/global.css',
        'css/navbar.css',
        'css/header.css',
--- a/app/utils/validators.py
+++ b/app/utils/validators.py
@@ -2,28 +2,34 @@ from flask_login import current_user
 from wtforms.validators import ValidationError
 from app.models.users import User, Member


 def name_valid(form, name):
    if not User.valid_name(name.data):
        raise ValidationError("Nom d'utilisateur invalide.")


 def name_available(form, name):
    member = Member.query.filter_by(name=name.data).first()
    if member is not None:
        raise ValidationError('Pseudo indisponible.')


 def email(form, email):
    member = Member.query.filter_by(email=email.data).first()
    if member is not None:
        raise ValidationError('Adresse email déjà utilisée.')


 def password(form, password):
    if len(password.data) != 0 and len(password.data) < 10:
        raise ValidationError('Mot de passe est trop court (10 caractères minimum).')
        # TODO: add more rules >:]


 def avatar(form, avatar):
    pass


 def old_password(form, field):
    if field.data:
        if not form.old_password.data:
--- a/config.py
+++ b/config.py
@@ -1,18 +1,20 @@
 import os


 class Config(object):
    SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
        'postgresql+psycopg2://' + os.environ.get('USER') + ':@/pcv5'
    SQLALCHEMY_TRACK_MODIFICATIONS = False
    UPLOAD_FOLDER = './app/static/avatars'
    LOGIN_DISABLED=True
    LOGIN_DISABLED = True


 class V5Config(object):
    # Length allocated to privilege names (slugs)
    PRIVS_MAXLEN = 64
    # Forbidden user names
    FORBIDDEN_USERNAMES = [ "admin", "root", "webmaster", "contact" ]
    FORBIDDEN_USERNAMES = ["admin", "root", "webmaster", "contact"]
    # Forbidden chars in user names (regex)
    FORBIDDEN_CHARS_USERNAMES = r"[/]"
    # Unauthorized message (@priv_required)