11 changed files with 59 additions and 36 deletions
+ 12
- 9
app/routes/account.py
View File
| @@ -5,6 +5,7 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount | |||
| from app.models.users import Member | |||
| from app.utils.render import render | |||
| @app.route('/account', methods=['GET', 'POST']) | |||
| @login_required | |||
| def edit_account(): | |||
| @@ -13,14 +14,14 @@ def edit_account(): | |||
| if form.validate_on_submit(): | |||
| if form.avatar.data: | |||
| f = form.avatar.data | |||
| f.save("./app/static/"+current_user.avatar) | |||
| f.save("./app/static/" + current_user.avatar) | |||
| current_user.update( | |||
| email = form.email.data or None, | |||
| password = form.password.data or None, | |||
| birthday = form.birthday.data, | |||
| signature = form.signature.data, | |||
| bio = form.biography.data, | |||
| newsletter = form.newsletter.data | |||
| email=form.email.data or None, | |||
| password=form.password.data or None, | |||
| birthday=form.birthday.data, | |||
| signature=form.signature.data, | |||
| bio=form.biography.data, | |||
| newsletter=form.newsletter.data | |||
| ) | |||
| db.session.merge(current_user) | |||
| db.session.commit() | |||
| @@ -30,6 +31,7 @@ def edit_account(): | |||
| return render('account.html', form=form) | |||
| @app.route('/account/delete', methods=['GET', 'POST']) | |||
| @login_required | |||
| def delete_account(): | |||
| @@ -43,7 +45,7 @@ def delete_account(): | |||
| return redirect(url_for('index')) | |||
| else: | |||
| flash('Erreur lors de la suppression du compte', 'error') | |||
| del_form.delete.data = False # Force to tick to delete the account | |||
| del_form.delete.data = False # Force to tick to delete the account | |||
| return render('delete_account.html', del_form=del_form) | |||
| @@ -60,8 +62,9 @@ def register(): | |||
| return redirect(url_for('validation')) | |||
| return render('register.html', title='Register', form=form) | |||
| @app.route('/register/validation/') | |||
| def validation(): | |||
| if current_user.is_authenticated : | |||
| if current_user.is_authenticated: | |||
| return redirect(url_for('index')) | |||
| return render('validation.html') | |||
+ 19
- 16
app/routes/admin.py
View File
| @@ -1,5 +1,4 @@ | |||
| from flask import request, flash, redirect, url_for, abort | |||
| from flask_login import login_required | |||
| from flask import request, flash, redirect, url_for | |||
| from app.utils.priv_required import priv_required | |||
| from flask_wtf import FlaskForm | |||
| from wtforms import SubmitField | |||
| @@ -11,11 +10,13 @@ from app import app, db | |||
| import yaml | |||
| import os | |||
| @app.route('/admin', methods=['GET', 'POST']) | |||
| @priv_required('access-admin-panel') | |||
| def adm(): | |||
| return render('admin/index.html') | |||
| @app.route('/admin/groups', methods=['GET', 'POST']) | |||
| @priv_required('access-admin-panel') | |||
| def adm_groups(): | |||
| @@ -57,7 +58,7 @@ def adm_groups(): | |||
| if g is not None: | |||
| member.groups.append(g) | |||
| m = Member('PlanèteCasio','contact@planet-casio.com','v5-forever') | |||
| m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever') | |||
| addgroup(m, "Compte communautaire") | |||
| db.session.add(m) | |||
| @@ -72,12 +73,13 @@ def adm_groups(): | |||
| db.session.commit() | |||
| users = Member.query.all() | |||
| users = Member.query.all() | |||
| groups = Group.query.all() | |||
| return render('admin/groups_privileges.html', users=users, groups=groups, | |||
| form=form) | |||
| @app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST']) | |||
| @priv_required('edit-account') | |||
| def adm_edit_account(user_id): | |||
| @@ -88,22 +90,22 @@ def adm_edit_account(user_id): | |||
| if form.validate_on_submit(): | |||
| if form.avatar.data: | |||
| f = form.avatar.data | |||
| f.save("./app/static/"+user.avatar) | |||
| f.save("./app/static/" + user.avatar) | |||
| newname = form.username.data | |||
| names = list(Member.query.filter(Member.id != user.id).values(Member.name)) | |||
| if newname in names: | |||
| raise Exception(f'{data["name"]} is not available') | |||
| raise Exception(f'{newname} is not available') | |||
| user.update( | |||
| name = form.username.data or None, | |||
| email = form.email.data or None, | |||
| password = form.password.data or None, | |||
| birthday = form.birthday.data, | |||
| signature = form.signature.data, | |||
| bio = form.biography.data, | |||
| newsletter = form.newsletter.data, | |||
| xp = form.xp.data or None, | |||
| innovation = form.innovation.data or None | |||
| name=form.username.data or None, | |||
| email=form.email.data or None, | |||
| password=form.password.data or None, | |||
| birthday=form.birthday.data, | |||
| signature=form.signature.data, | |||
| bio=form.biography.data, | |||
| newsletter=form.newsletter.data, | |||
| xp=form.xp.data or None, | |||
| innovation=form.innovation.data or None | |||
| ) | |||
| db.session.merge(user) | |||
| db.session.commit() | |||
| @@ -114,6 +116,7 @@ def adm_edit_account(user_id): | |||
| return render('admin/edit_account.html', user=user, form=form) | |||
| @app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST']) | |||
| @priv_required('delete-account') | |||
| def adm_delete_account(user_id): | |||
| @@ -134,5 +137,5 @@ def adm_delete_account(user_id): | |||
| return redirect(url_for('adm')) | |||
| else: | |||
| flash('Erreur lors de la suppression du compte', 'error') | |||
| del_form.delete.data = False # Force to tick to delete the account | |||
| del_form.delete.data = False # Force to tick to delete the account | |||
| return render('admin/delete_account.html', user=user, del_form=del_form) | |||
+ 5
- 2
app/routes/index.py
View File
| @@ -2,14 +2,17 @@ from app import app | |||
| from app.utils.render import render | |||
| @app.route('/') | |||
| def index(): | |||
| return render('index.html') | |||
| @app.errorhandler(404) | |||
| def file_not_found(e): | |||
| return render('errors/404.html'), 404 | |||
| return render('errors/404.html'), 404 | |||
| @app.errorhandler(403) | |||
| def unauthorized_access(e): | |||
| return render('errors/403.html'), 403 | |||
| return render('errors/403.html'), 403 | |||
+ 3
- 1
app/routes/login.py
View File
| @@ -7,6 +7,7 @@ from app.utils.render import render | |||
| # from app.routes.index import index | |||
| @app.route('/login', methods=['GET', 'POST']) | |||
| def login(): | |||
| if current_user.is_authenticated: | |||
| @@ -28,6 +29,7 @@ def login(): | |||
| return redirect(url_for('index')) | |||
| return render('login.html', form=form) | |||
| @app.route('/logout') | |||
| @login_required | |||
| def logout(): | |||
| @@ -40,4 +42,4 @@ def logout(): | |||
| flash('Déconnexion réussie', 'info') | |||
| if request.referrer: | |||
| return redirect(request.referrer) | |||
| return redirect(url_for('index')) | |||
| return redirect(url_for('index')) | |||
+ 1
- 0
app/routes/search.py
View File
| @@ -2,6 +2,7 @@ from app import app | |||
| from app.forms.search import AdvancedSearchForm | |||
| from app.utils.render import render | |||
| @app.route('/search') | |||
| def search(): | |||
| form = AdvancedSearchForm() | |||
+ 4
- 4
app/routes/users.py
View File
| @@ -1,15 +1,15 @@ | |||
| from flask import redirect, url_for, abort | |||
| from flask_login import login_required, current_user, logout_user | |||
| from app import app, db | |||
| from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccountForm | |||
| from flask import redirect, url_for | |||
| from app import app | |||
| from app.models.users import Member | |||
| from app.utils.render import render | |||
| @app.route('/user/<username>') | |||
| def user(username): | |||
| member = Member.query.filter_by(name=username).first_or_404() | |||
| return render('user.html', member=member) | |||
| @app.route('/user/id/<int:user_id>') | |||
| def user_by_id(user_id): | |||
| member = Member.query.filter_by(id=user_id).first_or_404() | |||
+ 1
- 0
app/utils/pluralize.py
View File
| @@ -1,5 +1,6 @@ | |||
| from app import app | |||
| @app.template_filter('pluralize') | |||
| def pluralize(count, singular="", plural="s"): | |||
| """ | |||
+ 2
- 1
app/utils/priv_required.py
View File
| @@ -1,9 +1,10 @@ | |||
| from functools import wraps | |||
| from flask import redirect, url_for, request, flash, abort | |||
| from flask import request, abort | |||
| from flask_login import current_user | |||
| from flask_login.config import EXEMPT_METHODS | |||
| from app import app | |||
| def priv_required(*perms): | |||
| """ | |||
| Requires the user to be an authenticated member with privileges [perms]. | |||
+ 2
- 1
app/utils/render.py
View File
| @@ -2,6 +2,7 @@ from flask import render_template | |||
| from app.forms.login import LoginForm | |||
| from app.forms.search import SearchForm | |||
| def render(*args, styles=[], **kwargs): | |||
| # TODO: debugguer cette merde : au logout, ça foire | |||
| # if current_user.is_authenticated: | |||
| @@ -12,7 +13,7 @@ def render(*args, styles=[], **kwargs): | |||
| # Pour jouer sur les feuilles de style : | |||
| # render('page.html', styles=['-css/form.css', '+css/admin/forms.css']) | |||
| styles_= [ | |||
| styles_ = [ | |||
| 'css/global.css', | |||
| 'css/navbar.css', | |||
| 'css/header.css', | |||
+ 6
- 0
app/utils/validators.py
View File
| @@ -2,28 +2,34 @@ from flask_login import current_user | |||
| from wtforms.validators import ValidationError | |||
| from app.models.users import User, Member | |||
| def name_valid(form, name): | |||
| if not User.valid_name(name.data): | |||
| raise ValidationError("Nom d'utilisateur invalide.") | |||
| def name_available(form, name): | |||
| member = Member.query.filter_by(name=name.data).first() | |||
| if member is not None: | |||
| raise ValidationError('Pseudo indisponible.') | |||
| def email(form, email): | |||
| member = Member.query.filter_by(email=email.data).first() | |||
| if member is not None: | |||
| raise ValidationError('Adresse email déjà utilisée.') | |||
| def password(form, password): | |||
| if len(password.data) != 0 and len(password.data) < 10: | |||
| raise ValidationError('Mot de passe est trop court (10 caractères minimum).') | |||
| # TODO: add more rules >:] | |||
| def avatar(form, avatar): | |||
| pass | |||
| def old_password(form, field): | |||
| if field.data: | |||
| if not form.old_password.data: | |||
+ 4
- 2
config.py
View File
| @@ -1,18 +1,20 @@ | |||
| import os | |||
| class Config(object): | |||
| SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key' | |||
| SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \ | |||
| 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/pcv5' | |||
| SQLALCHEMY_TRACK_MODIFICATIONS = False | |||
| UPLOAD_FOLDER = './app/static/avatars' | |||
| LOGIN_DISABLED=True | |||
| LOGIN_DISABLED = True | |||
| class V5Config(object): | |||
| # Length allocated to privilege names (slugs) | |||
| PRIVS_MAXLEN = 64 | |||
| # Forbidden user names | |||
| FORBIDDEN_USERNAMES = [ "admin", "root", "webmaster", "contact" ] | |||
| FORBIDDEN_USERNAMES = ["admin", "root", "webmaster", "contact"] | |||
| # Forbidden chars in user names (regex) | |||
| FORBIDDEN_CHARS_USERNAMES = r"[/]" | |||
| # Unauthorized message (@priv_required) | |||
Loading…