X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=main.py;h=cdfc66702bef85bfc182a758ce974e6e597288b6;hb=00a6f73a96b004e9323779ab42fa0eb435be12dd;hp=a1048f3057e1dfd1a7d121f188b2fb77c1cb7e6e;hpb=36ca5927bad5d375c596d5c187cc5b7eb4e62038;p=cavote.git
diff --git a/main.py b/main.py
index a1048f3..cdfc667 100755
--- a/main.py
+++ b/main.py
@@ -94,42 +94,42 @@ def password_lost(): flash(u"Un mail a été envoyé à " + user['email'], 'info') return render_template('password_lost.html') -@app.route('/login//') -def login_key(username, key): - user = query_db('select * from users where email = ? and key = ?', [username, key], one=True) +@app.route('/login//') +def login_key(userid, key): + user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True) if user is None: abort(404) else: connect_user(user) # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée flash(u"Veuillez mettre à jour votre mot de passe", 'info') - return redirect(url_for('user_password'), username=user['name']) + return redirect(url_for('user_password'), userid=user['userid']) #--------------- # User settings -@app.route('/user/') -def show_user(username): - if username != session.get('username'): +@app.route('/user/') +def show_user(userid): + if int(userid) != session.get('userid'): abort(401) return render_template('show_user.html') -@app.route('/user/settings/', methods=['GET', 'POST']) -def user_settings(username): - if username != session.get('username'): +@app.route('/user/settings/', methods=['GET', 'POST']) +def user_settings(userid): + if int(userid) != session.get('userid'): abort(401) if request.method == 'POST': g.db.execute('update users set email = ?, name = ?, organization = ? 
where id = ?', [request.form['email'], request.form['name'], request.form['organization'], session['userid']]) g.db.commit() - disconnect_user() + disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D flash(u'Votre profil a été mis à jour !', 'success') return redirect(url_for('login')) return render_template('user_settings.html') -@app.route('/user/password/', methods=['GET', 'POST']) -def user_password(username): - if username != session.get('username'): +@app.route('/user/password/', methods=['GET', 'POST']) +def user_password(userid): + if int(userid) != session.get('userid'): abort(401) if request.method == 'POST': if request.form['password'] == request.form['password2']: @@ -144,6 +144,26 @@ def user_password(username): #------------ # User admin +@app.route('/users/admin/add', methods=['GET', 'POST']) +def add_user(): + if not session.get('is_admin'): + abort(401) + if request.method == 'POST': + if request.form['email']: + # :TODO:maethor:120528: Check fields + password = "toto" # :TODO:maethor:120528: Generate password + admin = 0 + if 'admin' in request.form.keys(): + admin = 1 + g.db.execute('insert into users (email, name, organization, password, is_admin) values (?, ?, ?, ?, ?)', + [request.form['email'], request.form['username'], request.form['organization'], password, admin]) + g.db.commit() + # :TODO:maethor:120528: Send mail + flash(u'Le nouvel utilisateur a été créé avec succès', 'success') + return redirect(url_for('home')) + else: + flash(u"Vous devez spécifier une adresse email.", 'error') + return render_template('add_user.html') #------------ # Votes list 
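Review bot: In `login_key` the new redirect passes `userid=` to `redirect()` rather than to `url_for()`, and reads `user['userid']` although the lookup just above selects the row by its `id` column, so a valid login key would most likely end in an error instead of on the password page; the line presumably should read `return redirect(url_for('user_password', userid=user['id']))`. The `int(userid)` comparisons added in `show_user`, `user_settings` and `user_password` raise ValueError on a non-numeric path segment unless the routes use an integer converter (the route patterns are not fully visible here), so an `<int:userid>` converter or a guarded conversion would keep that a clean 404/401 instead of a 500. The existing TODO in `login_key` still stands: the key remains usable after this login until it is replaced. `user_password` continues past the end of the hunk.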
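Review bot: `add_user` gives every new account the same literal password, `password = "toto"`, and inserts it into the `password` column as-is, so until the TODO is resolved each created account presumably accepts a publicly known credential. Generate an unpredictable value per account from the OS random source, for example `password = binascii.hexlify(os.urandom(16))` (the import block is outside the hunk), and store it in whatever hashed form the login check expects; that check is not visible here. Until the mail step exists, an alternative is to store an unusable password and rely on the key-based login to set one. The other `# :TODO: Check fields` item matters too, since `email`, `username` and `organization` are inserted without any validation or uniqueness check.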
@@ -164,32 +184,31 @@ def show_votes(votes): #------------- # Votes admin -@app.route('/votes/admin/new') -def new_vote(): - if not session.get('is_admin'): - abort(401) - return render_template('new_vote.html') - -@app.route('/votes/admin/add', methods=['POST']) +@app.route('/votes/admin/add', methods=['GET', 'POST']) def add_vote(): if not session.get('is_admin'): abort(401) - date_begin = date.today() - date_end = date.today() + timedelta(days=int(request.form['days'])) - transparent = 0 - public = 0 - multiplechoice = 0 - if 'transparent' in request.form.keys(): - transparent = 1 - if 'public' in request.form.keys(): - public = 1 - if 'multiplechoice' in request.form.keys(): - multiplechoice = 1 - g.db.execute('insert into votes (title, description, date_begin, date_end, is_transparent, is_public, is_multiplechoice) values (?, ?, ?, ?, ?, ?, ?)', - [request.form['title'], request.form['description'], date_begin, date_end, transparent, public, multiplechoice]) - g.db.commit() - flash('New entry was successfully posted', 'info') - return redirect(url_for('home')) + if request.method == 'POST': + if request.form['title']: + date_begin = date.today() + date_end = date.today() + timedelta(days=int(request.form['days'])) + transparent = 0 + public = 0 + multiplechoice = 0 + if 'transparent' in request.form.keys(): + transparent = 1 + if 'public' in request.form.keys(): + public = 1 + if 'multiplechoice' in request.form.keys(): + multiplechoice = 1 + g.db.execute('insert into votes (title, description, date_begin, date_end, is_transparent, is_public, is_multiplechoice) values (?, ?, ?, ?, ?, ?, ?)', + [request.form['title'], request.form['description'], date_begin, date_end, transparent, public, multiplechoice]) + g.db.commit() + flash('New entry was successfully posted', 'info') + return redirect(url_for('home')) + else: + flash(u'Vous devez spécifier un titre.', 'error') + return render_template('new_vote.html') #------ # Main
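Review bot: In `add_vote` the duration is taken straight from the form with `int(request.form['days'])`, so a non-numeric value raises ValueError (a 500 for the admin), a negative value stores a `date_end` earlier than `date_begin`, and a very large one overflows the date arithmetic. Validate it alongside the new title check and re-render the form with a flash message, as the hunk already does for an empty title. An upper bound on the duration is a policy choice and is left out of the sketch below. The `'New entry was successfully posted'` flash is also the only message in the hunk that is neither French nor a `u''` literal.

```python
    if request.method == 'POST':
        if request.form['title']:
            date_begin = date.today()
            # Reject a missing, non-numeric, non-positive or out-of-range duration
            # before anything is written to the database.
            try:
                days = int(request.form.get('days', ''))
                date_end = date_begin + timedelta(days=days)
            except (ValueError, OverflowError):
                days = 0
            if days < 1:
                flash(u'La durée doit être un nombre de jours positif.', 'error')
                return render_template('new_vote.html')
            # … unchanged: checkbox flags, insert, commit, flash, redirect …
```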