+@app.route('/admin/users')
+def admin_users():
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ tuples = query_db('select *, groups.name as groupname from (select *, id as userid, name as username from users join user_group on id=id_user order by id desc) join groups on id_group=groups.id')
+ users = dict()
+ for t in tuples:
+ if t['userid'] in users:
+ users[t['userid']]['groups'].append(t["groupname"])
+ else:
+ users[t['userid']] = dict()
+ users[t['userid']]['userid'] = t['userid']
+ users[t['userid']]['email'] = t['email']
+ users[t['userid']]['username'] = t['username']
+ users[t['userid']]['is_admin'] = t['is_admin']
+ users[t['userid']]['groups'] = [t['groupname']]
+
+ return render_template('admin_users.html', users=users.values())
+
+@app.route('/admin/users/add', methods=['GET', 'POST'])
+def admin_user_add():
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ if request.method == 'POST':
+ if request.form['email']:
+ if query_db('select * from users where email=?', [request.form['email']], one=True) is None:
+ if request.form['username']:
+ if query_db('select * from users where name=?', [request.form['username']], one=True) is None:
+ admin = 0
+ if 'admin' in request.form.keys():
+ admin = 1
+ key = 'v%s' % keygen()
+ g.db.execute('insert into users (email, openid, name, organization, password, is_admin, key) values (?, ?, ?, ?, ?, ?, ?)',
+ [request.form['email'],
+ request.form['openid'],
+ request.form['username'],
+ request.form['organization'],
+ '', admin, key])
+ g.db.commit()
+ user = query_db('select * from users where email = ?', [request.form["email"]], one=True)
+ if user:
+ groups = request.form.getlist('groups')
+ groups.append('1')
+ for group in groups:
+ if query_db('select id from groups where id = ?', group, one=True) is None:
+ flash(u'Le groupe portant l\'id %s n\'existe pas.' % group, 'warning')
+ else:
+ g.db.execute('insert into user_group values (?, ?)', [user['id'], group])
+ g.db.commit()
+ link = request.url_root + url_for('login_key', userid=user['id'], key=user['key'])
+ BODY = string.join((
+ "From: %s" % EMAIL,
+ "To: %s" % user['email'],
+ "Subject: [Cavote] %s" % gettext(u"Welcome"),
+ "Date: %s" % time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime()).decode('utf-8'),
+ "X-Mailer: %s" % VERSION,
+ "",
+ "%(text)s %(user)s!" % {"text": gettext(u"Hi"), "user": user['name']},
+ "%(text2)s %(title)s." % {"text2": gettext(u"Welcome on"), "title": TITLE},
+ "%(text3)s %(email)s." % {"text3": gettext(u"Your account address is"), "email": user['email']},
+ "",
+ gettext(u"To log in for the first time and set your password, please follow this link :"),
+ link,
+ ""
+ ), "\r\n")
+ server = smtplib.SMTP(SMTP_SERVER)
+ server.sendmail(EMAIL, [user['email']], BODY.encode('utf-8'))
+ server.quit()
+ flash(u'Le nouvel utilisateur a été créé avec succès', 'success')
+ return redirect(url_for('admin_users'))
+ else:
+ flash(u'Une erreur s\'est produite.', 'error')
+ else:
+ flash(u'Le nom ' + request.form['username'] + u' est déjà pris ! Veuillez en choisir un autre.', 'error')
+ else:
+ flash(u"Vous devez spécifier un nom d'utilisateur.", 'error')
+ else:
+ flash(u'Il existe déjà un compte pour cette adresse e-mail : ' + request.form['email'], 'error')
+ else:
+ flash(u"Vous devez spécifier une adresse email.", 'error')
+ groups = query_db('select * from groups where system=0')
+ return render_template('admin_user_new.html', groups=groups)
+
+@app.route('/admin/users/edit/<iduser>', methods=['GET', 'POST'])
+def admin_user_edit(iduser):
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ user = query_db('select * from users where id = ?', [iduser], one=True)
+ user['groups'] = query_db('select groups.* from groups join user_group on groups.id = user_group.id_group where id_user = ?', [iduser])
+ if user is None:
+ abort(404)
+ if request.method == 'POST':
+ if query_db('select * from users where email=? and id!=?', [request.form['email'], iduser], one=True) is None:
+ if query_db('select * from users where name=? and id!=?', [request.form['name'], iduser], one=True) is None:
+ admin = 0
+ if 'admin' in request.form.keys():
+ admin = 1
+ g.db.execute('update users set email = ?, name = ?, organization = ?, openid= ?, is_admin = ? where id = ?',
+ [request.form['email'], request.form['name'], request.form['organization'], request.form['openid'], admin, iduser])
+ g.db.commit()
+ groups = request.form.getlist('groups')
+ groups.append('1')
+ for group in user['groups']:
+ if not group['id'] in groups:
+ g.db.execute('delete from user_group where id_user = ? and id_group = ?', [iduser, group['id']])
+ g.db.commit()
+ for group in groups:
+ group = query_db('select id from groups where id = ?', group, one=True)
+ if group is None:
+ flash(u'Le groupe portant l\'id %s n\'existe pas.' % group, 'warning')
+ else:
+ if not group in user['groups']:
+ g.db.execute('insert into user_group values (?, ?)', [user['id'], group['id']])
+ g.db.commit()
+ user = query_db('select * from users where id = ?', [iduser], one=True)
+ user['groups'] = query_db('select groups.* from groups join user_group on groups.id = user_group.id_group where id_user = ?', [iduser])
+ flash(u'Le profil a été mis à jour !', 'success')
+ else:
+ flash(u'Le nom ' + request.form['name'] + u' est déjà pris ! Veuillez en choisir un autre.', 'error')
+ else:
+ flash(u'Il existe déjà un compte pour cette adresse e-mail : ' + request.form['email'], 'error')
+ groups = query_db('select * from groups where system=0')
+ return render_template('admin_user_edit.html', user=user, groups=groups)
+
+@app.route('/admin/users/delete/<iduser>')
+def admin_user_del(iduser):
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ user = query_db('select * from users where id = ?', [iduser], one=True)
+ if user is None:
+ abort(404)
+ g.db.execute('delete from users where id = ?', [iduser])
+ g.db.commit()
+ return redirect(url_for('admin_users'))
+
+#-------------
+# Roles admin
+
+@app.route('/admin/groups')
+def admin_groups():
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ groups = query_db('select groups.*, count(user_group.id_user) as nb_users from (select groups.*, count(votes.id) as nb_votes from groups left join votes on votes.id_group = groups.id group by groups.id) as groups left join user_group on user_group.id_group = groups.id group by groups.id')
+ return render_template('admin_groups.html', groups=groups)
+
+@app.route('/admin/groups/add', methods=['POST'])
+def admin_group_add():
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ if request.method == 'POST':
+ if request.form['name']:
+ g.db.execute('insert into groups (name) values (?)', [request.form['name']])
+ g.db.commit()
+ else:
+ flash(u"Vous devez spécifier un nom.", "error")
+ return redirect(url_for('admin_groups'))
+
+@app.route('/admin/groups/delete/<idgroup>')
+def admin_group_del(idgroup):
+ if not session.get('user').get('is_admin'):
+ abort(401)
+ group = query_db('select * from groups where id = ?', [idgroup], one=True)
+ if group is None:
+ abort(404)
+ if group['system']:
+ abort(401)
+ g.db.execute('delete from groups where id = ?', [idgroup])
+ g.db.commit()
+ return redirect(url_for('admin_groups'))