From a488f7c479cda8017421a8e4f59012bd659fc5ca Mon Sep 17 00:00:00 2001
From: Guillaume Subiron <maethor@subiron.org>
Date: Mon, 28 May 2012 16:42:39 +0200
Subject: [PATCH] Remplace username by userid in routes

---
 main.py                      | 28 ++++++++++++++--------------
 templates/layout.html        |  4 ++--
 templates/show_user.html     |  2 ++
 templates/user_settings.html |  4 ++--
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/main.py b/main.py
index a1048f3..7c6521d 100755
--- a/main.py
+++ b/main.py
@@ -94,42 +94,42 @@ def password_lost():
             flash(u"Un mail a été envoyé à " + user['email'], 'info')
     return render_template('password_lost.html')
 
-@app.route('/login/<username>/<key>')
-def login_key(username, key):
-    user = query_db('select * from users where email = ? and key = ?', [username, key], one=True)
+@app.route('/login/<userid>/<key>')
+def login_key(userid, key):
+    user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True)
     if user is None:
         abort(404)
     else:
         connect_user(user)
         # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée
         flash(u"Veuillez mettre à jour votre mot de passe", 'info')
-        return redirect(url_for('user_password'), username=user['name'])
+        return redirect(url_for('user_password'), userid=user['userid'])
 
 #---------------
 # User settings
 
-@app.route('/user/<username>')
-def show_user(username):
-    if username != session.get('username'):
+@app.route('/user/<userid>')
+def show_user(userid):
+    if int(userid) != session.get('userid'):
         abort(401)
     return render_template('show_user.html')
 
-@app.route('/user/settings/<username>', methods=['GET', 'POST'])
-def user_settings(username):
-    if username != session.get('username'):
+@app.route('/user/settings/<userid>', methods=['GET', 'POST'])
+def user_settings(userid):
+    if int(userid) != session.get('userid'):
         abort(401)
     if request.method == 'POST':
         g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
                 [request.form['email'], request.form['name'], request.form['organization'], session['userid']])
         g.db.commit()
-        disconnect_user()
+        disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D
         flash(u'Votre profil a été mis à jour !', 'success')
         return redirect(url_for('login'))
     return render_template('user_settings.html')
 
-@app.route('/user/password/<username>', methods=['GET', 'POST'])
-def user_password(username):
-    if username != session.get('username'):
+@app.route('/user/password/<userid>', methods=['GET', 'POST'])
+def user_password(userid):
+    if int(userid) != session.get('userid'):
         abort(401)
     if request.method == 'POST':
         if request.form['password'] == request.form['password2']:
diff --git a/templates/layout.html b/templates/layout.html
index fe444ed..5134106 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -31,11 +31,11 @@
     </div>
     <div class="btn-group pull-right">
       {% if 'username' in session %}
-      <a href="{{ url_for('show_user', username=session.username) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
+      <a href="{{ url_for('show_user', userid=session.userid) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
       <a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
       <ul class="dropdown-menu pull-right">
         <li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
-        <li><a href="{{ url_for('user_settings', username=session.username) }}"><i class="icon-cog"></i> Paramètres</a></li>
+        <li><a href="{{ url_for('user_settings', userid=session.userid) }}"><i class="icon-cog"></i> Paramètres</a></li>
         <li class="divider"></li>
         <li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
       </ul>
diff --git a/templates/show_user.html b/templates/show_user.html
index 08eb4bb..9ed3f60 100644
--- a/templates/show_user.html
+++ b/templates/show_user.html
@@ -9,6 +9,8 @@
     <dd>{{ session.organization }}
     <dt>Groupes :
     <dd><em>à venir</em>
+  </dl>
+  <a href="{{ url_for('user_settings', userid=session.userid) }}" class="btn btn-primary">Modifier</a>
 </div>
 {% endblock %}
 
diff --git a/templates/user_settings.html b/templates/user_settings.html
index 7cd7eaf..85da44c 100644
--- a/templates/user_settings.html
+++ b/templates/user_settings.html
@@ -3,7 +3,7 @@
 <h2>{{ session.username }}</h2>
 <div class="row">
   <div class="span6 well">
-    <form class="form-horizontal" action="{{ url_for('user_settings', username=session.username) }}" method="post">
+    <form class="form-horizontal" action="{{ url_for('user_settings', userid=session.userid) }}" method="post">
     <fieldset><legend>Mise à jour du profil utilisateur</legend>
       <div class="alert"><strong>Attention :</strong> À l'issue de ce formulaire, vous devrez vous reconnecter</div>
       <div class="control-group">
@@ -35,7 +35,7 @@
   </div>
 
   <div class="span5 well">
-    <form class="form-horizontal" action="{{ url_for('user_password', username=session.username) }}" method="post">
+    <form class="form-horizontal" action="{{ url_for('user_password', userid=session.userid) }}" method="post">
     <fieldset><legend>Modification du mot de passe</legend>
       <div class="control-group">
         <label class="control-label" for="password">Mot de passe</label>
-- 
2.20.1