view src/ltpdarepo/views/users.py @ 60:1bfd1f5ec9ba
Show user permissions in user management view.
author | Daniele Nicolodi <daniele@grinta.net> |
---|---|
date | Sat, 13 Aug 2011 20:27:24 +0200 |
parents | 38afb05e3471 |
children | 7d03f602cade |
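"""Administrative views for managing repository user accounts.

Every route in this blueprint is wrapped in ``@require('admin')``.  The
``@app.route`` decorator is applied outermost, so the function Flask
registers is the one already wrapped by ``require``.
"""

from flask import (Blueprint, abort, flash, g, render_template, request,
                   redirect, url_for)

from ltpdarepo.security import require
from ltpdarepo.user import User, IUser
from ltpdarepo.form import Form

from MySQLdb.cursors import DictCursor


app = Blueprint('manage.users', __name__)


@app.route('/')
@require('admin')
def index():
    """List all users with their display name and e-mail address."""
    curs = g.db.cursor(DictCursor)
    # static statement: no request data is interpolated into the SQL
    curs.execute("""SELECT username,
                           CONCAT(given_name, ' ', family_name) AS name,
                           email
                    FROM users""")
    users = curs.fetchall()
    return render_template('users/index.html', users=users)


@app.route('/<username>')
@require('admin')
def view(username):
    """Show one user's details and per-database privileges.

    The privileges are read from the ``mysql.db`` grant table, so the
    account behind ``g.db`` must be able to SELECT from it.  Responds
    with 404 when the user does not exist.
    """
    user = User().load(username)
    if user is None:
        # not found
        abort(404)
    form = IUser(obj=user)

    privs = {}
    curs = g.db.cursor()
    # The username comes from the URL: keep it a bound parameter and never
    # format it into the statement.  The parameters are passed as a
    # one-element tuple because DB-API drivers expect a sequence; a bare
    # string can be taken as a sequence of characters.
    curs.execute('''SELECT DISTINCT Db, Select_priv, Insert_priv,
                           Update_priv, Delete_priv
                    FROM mysql.db WHERE User=%s''', (username,))
    for db, select, insert, update, delete in curs.fetchall():
        # The query matches on User only, so one account may have several
        # rows for the same database (one per Host).  Merge them with OR:
        # a privilege granted from any host is reported, rather than the
        # last row fetched silently overwriting the others.
        entry = privs.setdefault(db, {'select': False,
                                      'insert': False,
                                      'update': False,
                                      'delete': False})
        entry['select'] = entry['select'] or select == 'Y'
        entry['insert'] = entry['insert'] or insert == 'Y'
        entry['update'] = entry['update'] or update == 'Y'
        entry['delete'] = entry['delete'] or delete == 'Y'

    return render_template('users/view.html', username=username,
                           form=form, permissions=privs)


@app.route('/<username>/edit', methods=('GET', 'POST'))
@require('admin')
def edit(username):
    """Edit an existing user; the username itself cannot be changed.

    Responds with 404 when the user does not exist.
    """
    user = User().load(username)
    if user is None:
        # not found
        abort(404)
    # 'username' is omitted from the form, so a POST cannot rename the
    # account being edited
    form = IUser(obj=user).omit('username')
    # NOTE(review): CSRF protection for this POST depends on what
    # IUser.validate() checks, which is not visible here - confirm
    if request.method == 'POST' and form.validate():
        form.update(user)
        user.save()
        flash('User data saved.')
        return redirect(url_for('manage.users.view', username=username))
    return render_template('users/edit.html', username=username, form=form)


@app.route('/+', methods=('GET', 'POST'))
@require('admin')
def create():
    """Create a new user from the submitted form."""
    form = IUser()
    # NOTE(review): as in edit(), CSRF protection depends on
    # IUser.validate() - confirm
    if request.method == 'POST' and form.validate():
        user = User()
        form.update(user)
        user.create()
        flash('User "%s" created.' % form.data['username'])
        return redirect(url_for('manage.users.index'))
    return render_template('users/create.html', form=form)


@app.route('/<username>/drop', methods=('GET', 'POST'))
@require('admin')
def drop(username):
    """Ask for confirmation, then delete a user.

    A GET only renders the confirmation page.  The account is deleted
    only by a POST whose form validates and which carries the ``ok``
    field; a validated POST without ``ok`` redirects to the user list
    without deleting.  Responds with 404 when the user does not exist.
    """
    user = User().load(username)
    if user is None:
        # not found
        abort(404)
    # use an empty form for CSRF protection
    form = Form()
    if request.method == 'POST' and form.validate():
        if request.form.get('ok'):
            user.delete()
            flash('User "%s" deleted.' % username)
        return redirect(url_for('manage.users.index'))
    return render_template('users/drop.html', form=form, user=user)


# the blueprint is also exported under the name `module`
module = app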