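from flask import request, flash, redirect, url_for, abort
from flask_login import login_required
from app.utils.priv_required import priv_required
from flask_wtf import FlaskForm
from wtforms import SubmitField
from app.models.users import Member, Group, GroupPrivilege
from app.models.privs import SpecialPrivilege
from app.forms.account import AdminUpdateAccountForm, AdminDeleteAccountForm
from app.utils.render import render
from app import app, db


@app.route('/admin', methods=['GET', 'POST'])
@priv_required('admin-panel')
def admin():
    """Render the admin panel; on a valid POST, reset groups and test members.

    A validated submission deletes every Group, recreates the four base
    groups, removes the two template members if present and recreates them
    with fixed credentials. The page then lists all members and groups.

    NOTE(security): the template accounts are created with a password that
    is hard-coded in this file, and 'GLaDOS' is placed in the moderator and
    redactor groups with two special privileges. Anyone who can read the
    source knows these credentials, so this action should be unreachable
    (or the accounts disabled) on any deployment holding real data.
    """
    class AdminForm(FlaskForm):
        submit = SubmitField('Régénérer groupes, privilèges, membres de test')

    form = AdminForm()
    if form.validate_on_submit():
        # Clean up groups
        # NOTE(review): this removes every group, not only the base ones;
        # what happens to existing memberships depends on the model's
        # cascade rules, which are not visible here -- confirm.
        for g in Group.query.all():
            db.session.delete(g)
        db.session.commit()

        # Create base groups
        g_admins = Group('Administrateur', 'color: red')
        g_modos = Group('Modérateur', 'color: green')
        g_redacs = Group('Rédacteur', 'color: blue')
        g_community = Group(
            'Compte communautaire',
            'background: #d8d8d8;'
            + 'border-radius: 4px; color: #303030; padding: 1px 2px')
        db.session.add_all([g_admins, g_modos, g_redacs, g_community])

        # Clean up test members
        for name in ('PlanèteCasio', 'GLaDOS'):
            m = Member.query.filter_by(name=name).first()
            if m is not None:
                db.session.delete(m)
        db.session.commit()

        # Create template members (fixed, source-visible password: see the
        # security note in the docstring)
        m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
        m.groups.append(g_community)
        db.session.add(m)

        m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
        m.groups.append(g_modos)
        m.groups.append(g_redacs)
        db.session.add(m)
        db.session.add(SpecialPrivilege(m, "edit-posts"))
        db.session.add(SpecialPrivilege(m, "shoutbox-ban"))
        db.session.commit()

    users = Member.query.all()
    groups = Group.query.all()
    return render('admin/index.html', users=users, groups=groups, form=form)


# The view takes `user_id` as an argument, so the rule must declare the
# matching URL variable; without it Flask calls the view with no arguments.
@app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST'])
@priv_required('edit-account')
def adm_edit_account(user_id):
    """Let a privileged user edit another member's account.

    Responds 404 when no Member has the given id. On a valid POST the
    uploaded avatar (if any) is written over the member's current avatar
    path and the submitted fields are applied through Member.update().
    """
    user = Member.query.filter_by(id=user_id).first()
    if not user:
        abort(404)

    form = AdminUpdateAccountForm()
    if request.method == "POST":
        if form.validate_on_submit():
            if form.avatar.data:
                f = form.avatar.data
                # NOTE(review): the destination is relative to the process
                # working directory and built from user.avatar. This assumes
                # user.avatar is a server-generated file name with no path
                # separators, and that AdminUpdateAccountForm restricts the
                # upload's type and size -- confirm both.
                f.save("./app/static/" + user.avatar)

            # NOTE(review): `or None` also turns an xp/innovation value of 0
            # into None; presumably Member.update() treats None as "leave
            # unchanged" -- verify if resetting to 0 must be possible.
            user.update(
                email=form.email.data or None,
                password=form.password.data or None,
                birthday=form.birthday.data,
                signature=form.signature.data,
                bio=form.biography.data,
                newsletter=form.newsletter.data,
                xp=form.xp.data or None,
                innovation=form.innovation.data or None,
            )
            db.session.merge(user)
            db.session.commit()
            flash('Modifications effectuées', 'ok')
        else:
            flash('Erreur lors de la modification', 'error')

    return render('admin/edit_account.html', user=user, form=form)


# Same as above: `<user_id>` feeds the view's only argument.
@app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST'])
@priv_required('delete-account')
def adm_delete_account(user_id):
    """Let a privileged user delete a member's account after confirmation.

    Responds 404 when no Member has the given id. A valid POST deletes the
    member and redirects to the admin panel; otherwise the confirmation
    page is rendered with the confirmation box unticked.
    """
    user = Member.query.filter_by(id=user_id).first()
    if not user:
        abort(404)

    del_form = AdminDeleteAccountForm()
    if request.method == "POST":
        if del_form.validate_on_submit():
            db.session.delete(user)
            db.session.commit()
            flash('Compte supprimé', 'ok')
            return redirect(url_for('admin'))
        else:
            flash('Erreur lors de la suppression du compte', 'error')

    # Force to tick to delete the account: the box is never pre-checked
    # when the page is (re)rendered.
    del_form.delete.data = False
    return render('admin/delete_account.html', user=user, del_form=del_form)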