From 47465d1f40d126e9722727863f40120e676e9160 Mon Sep 17 00:00:00 2001
From: Phuoc Cao <phuoc@caotek.fr>
Date: Tue, 27 Jun 2023 18:07:05 +0200
Subject: [PATCH] =?UTF-8?q?am=C3=A9liorer=20la=20saisie=20des=20ustilisate?=
 =?UTF-8?q?urs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cao_blogr.sqlite                     | Bin 32768 -> 32768 bytes
 cao_blogr/forms.py                   |  10 +--
 cao_blogr/routes.py                  |   3 +-
 cao_blogr/templates/layout.jinja2    |   4 ++
 cao_blogr/templates/user_add.jinja2  |  34 ----------
 cao_blogr/templates/user_edit.jinja2 |  44 +++++++++++++
 cao_blogr/templates/users.jinja2     |   4 +-
 cao_blogr/views/default.py           |  94 ++++++++++++++++-----------
 8 files changed, 114 insertions(+), 79 deletions(-)
 delete mode 100644 cao_blogr/templates/user_add.jinja2
 create mode 100644 cao_blogr/templates/user_edit.jinja2

diff --git a/cao_blogr.sqlite b/cao_blogr.sqlite
index 3dbf1fa3b0148ab30c2dfd208c619d34ab3e75ae..39f12094211af57887afd6712191d82e4f29528f 100644
GIT binary patch
delta 398
zcmY+=NlwC0007WRqYF%^#ud?sF=c7(_<w&BV;D>=lpzNBl#L997KK(yTPTSE_AWGD
zz$+Lo;2}JLd)IC?apetO-f|gRE@Myo8|mkR+-90!aN*5-J&%)#6hXBT?}^lUcV{=T
zSRImEL~`|zY0rC}AJKsJ+`us>XFvih%hI}(9r#?X5zgUdx1A}`o_UJha=mU0JzT}0
z?~k#CLT${eVNL2ZFKZ3$-qzY#M~|*?G%4k$>ewF{D7bY&&l7QRICc2WXckz43X8{A
z+yFDijOAHgIAOsF505xOk&q(r3@dOl6kp!UsYSs>xf~k~gl=`Ht3gC_{feOlrdeWi
zHCv6GCRep5*JY&h7oBb>R;IdjI&6o<E8PrSB#S*OwEK2lngBFXL#A+-v5lIODOgi~
zUI%EL$6CJlPXQHCP(;K)8KIaAUs{#N<3Ar%Bu<fd1`0BQAWjejNqrL3H}y$<{jPpc
R+i^0v@fS+2zi#%9egF+{b{zl!

delta 222
zcmZo@U}|V!njp<6HBrWyRf<7R;>5<31@;_Fd<Pi#6Zj5n78KaRH~D~{e0_O<L3U1}
zlb?USXJlSfMVX3TijRkPSzd^HP)KS>ich(hXQ+j{WtfXeMS;6-qJNlgW>8|JpJ%py
zP>PdxKwfUXg<iTxo^O(`o^x<Sc$RUtWstr>QK@rrX?AHqm1(g@xkZ+vfsuicv95uk
zu91;~p@EgLF%apQ7@8R}S(;5w@b6K8%a~Xhn(7&u85vrba4|42F!8@-;Q!A57U<yn
O{7eiCo8QI@D*yn<$Uyi2

diff --git a/cao_blogr/forms.py b/cao_blogr/forms.py
index 021ce72..0e929aa 100644
--- a/cao_blogr/forms.py
+++ b/cao_blogr/forms.py
@@ -1,6 +1,6 @@
 from wtforms import Form, StringField, TextAreaField, SelectField, validators
 from wtforms import IntegerField, PasswordField
-from wtforms.validators import InputRequired, Length
+from wtforms.validators import InputRequired, Length, EqualTo
 from wtforms.widgets import HiddenInput
 
 strip_filter = lambda x: x.strip() if x else None
@@ -22,13 +22,15 @@ class BlogSearchForm(Form):
 
 class TagForm(Form):
     id = IntegerField(widget=HiddenInput())
-
     tag = StringField('Tag', validators=[InputRequired(), Length(min=1, max=25)],
                         filters=[strip_filter])
 
 
 class UserCreateForm(Form):
-    username = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
+    id = IntegerField(widget=HiddenInput())
+    name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
                            filters=[strip_filter])
-    password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)])
+    password = PasswordField('Mot de passe')
+
+    confirm = PasswordField('Confirmer', validators=[EqualTo('password', message='Les 2 Passwords doivent être identiques')])
 
diff --git a/cao_blogr/routes.py b/cao_blogr/routes.py
index cf1e8da..68bd985 100644
--- a/cao_blogr/routes.py
+++ b/cao_blogr/routes.py
@@ -10,5 +10,4 @@ def includeme(config):
     config.add_route('tags', '/tags')
     config.add_route('tag_edit', '/tag_edit/{id}')
     config.add_route('users', '/users')
-    config.add_route('user_add', '/user_add/{name}')
-    config.add_route('user_pwd', '/user_pwd/{name}')
+    config.add_route('user_edit', '/user_edit/{name}')
diff --git a/cao_blogr/templates/layout.jinja2 b/cao_blogr/templates/layout.jinja2
index c63e63e..558c186 100644
--- a/cao_blogr/templates/layout.jinja2
+++ b/cao_blogr/templates/layout.jinja2
@@ -42,6 +42,10 @@
             <ul class="dropdown-menu">
               {% if request.authenticated_userid == 'admin' %}
                 <li><a href="{{request.route_url('users')}}"><span class="glyphicon glyphicon-user"></span>&nbsp;&nbsp;Utilisateurs</a></li>
+              {% else %}
+                <li><a href="{{request.route_url('user_edit', name=request.authenticated_userid)}}">
+                  <span class="glyphicon glyphicon-user"></span>&nbsp;&nbsp;Modifier le mot de passe</a>
+                </li>
               {% endif %}
               <li><a href="{{ request.route_url('tags') }}"><span class="glyphicon glyphicon-tag"></span>&nbsp;&nbsp;Tags</a></li>
               <li><a href="{{ request.route_url('logout') }}"><span class="glyphicon glyphicon-off"></span>&nbsp;&nbsp;Se déconnecter</a></li>
diff --git a/cao_blogr/templates/user_add.jinja2 b/cao_blogr/templates/user_add.jinja2
deleted file mode 100644
index 739b677..0000000
--- a/cao_blogr/templates/user_add.jinja2
+++ /dev/null
@@ -1,34 +0,0 @@
-{% extends "cao_blogr:templates/layout.jinja2" %}
-
-{% block content %}
-
-    <form action="{{request.route_url('user_add', name=name)}}" method="post" class="form">
-
-        {% for error in form.username.errors %}
-            <div class="error">{{ error }}</div>
-        {% endfor %}
-
-        <div class="form-group">
-            <label class="required-field" for="username">{{form.username.label}}</label>
-            {{form.username(class_='form-control')}}
-        </div>
-
-        {% for error in form.password.errors %}
-            <div class="error">{{error}}</div>
-        {% endfor %}
-
-        <div class="form-group">
-            <label class="required-field" for="password">{{form.password.label}}</label>
-            {{form.password(class_='form-control')}}
-        </div>
-
-        <div class="form-group">					
-            <a class="btn btn-default" href="{{ request.route_url('users') }}"><span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
-            <button class="btn btn-primary" type="submit" name="form.submitted">
-                <span class="glyphicon glyphicon-ok"></span> Enregistrer</button>
-        </div>
-
-
-    </form>
-
-{% endblock %}
diff --git a/cao_blogr/templates/user_edit.jinja2 b/cao_blogr/templates/user_edit.jinja2
new file mode 100644
index 0000000..64c1982
--- /dev/null
+++ b/cao_blogr/templates/user_edit.jinja2
@@ -0,0 +1,44 @@
+{% extends "cao_blogr:templates/layout.jinja2" %}
+
+{% block content %}
+
+    <form action="{{ url }}" method="post" class="form">
+
+        {% for error in form.name.errors %}
+            <div class="error">{{ error }}</div>
+        {% endfor %}
+
+        <div class="form-group">
+            <label class="required-field" for="name">{{form.name.label}}</label>
+            {{form.name(class_='form-control')}}
+        </div>
+
+        <div class="form-group">
+            <label class="required-field" for="password">{{form.password.label}}</label>
+            {{form.password(class_='form-control')}}
+        </div>
+
+        {% for error in form.confirm.errors %}
+            <div class="error">{{error}}</div>
+        {% endfor %}
+
+        <div class="form-group">
+            <label class="required-field" for="confirm">{{form.confirm.label}}</label>
+            {{form.confirm(class_='form-control')}}
+        </div>
+
+        <div class="form-group">					
+            <a class="btn btn-default" href="{{ url_retour }}"><span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
+            <button class="btn btn-primary" type="submit" name="form.submitted">
+                <span class="glyphicon glyphicon-ok"></span> Enregistrer</button>
+            {% if form.id.data and request.authenticated_userid == 'admin' %}
+                <button class="btn btn-warning" type="submit" name="form.deleted">
+                    <span class="glyphicon glyphicon-remove"></span> Supprimer</button>
+            {% endif %}
+            
+        </div>
+
+
+    </form>
+
+{% endblock %}
diff --git a/cao_blogr/templates/users.jinja2 b/cao_blogr/templates/users.jinja2
index 22ef3f5..46d697c 100644
--- a/cao_blogr/templates/users.jinja2
+++ b/cao_blogr/templates/users.jinja2
@@ -4,7 +4,7 @@
     <p>
         <a href="{{ request.route_url('home' ) }}" class="btn btn-default" role="button">
             <span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
-        <a href="{{ request.route_url('user_add', name='new') }}" class="btn btn-success" role="button">
+        <a href="{{ request.route_url('user_edit', name='0') }}" class="btn btn-success" role="button">
             <span class="glyphicon glyphicon-plus"></span> Nouvel utilisateur</a>
     </p>
 
@@ -20,7 +20,7 @@
             <tr>
                 <td>{{ entry.id }}</td>
                 <td>
-                    <a href="{{ request.route_url('user_pwd', name=entry.name) }}">
+                    <a href="{{ request.route_url('user_edit', name=entry.name) }}">
                         {{ entry.name }}
                     </a>
                     </td>
diff --git a/cao_blogr/views/default.py b/cao_blogr/views/default.py
index 79b8f01..09be545 100644
--- a/cao_blogr/views/default.py
+++ b/cao_blogr/views/default.py
@@ -84,50 +84,70 @@ def users(request):
         }
 
 
-@view_config(route_name='user_add', renderer='cao_blogr:templates/user_add.jinja2', permission='manage')
-def user_add(request):
-    name = request.matchdict['name']
+@view_config(route_name='user_edit', renderer='cao_blogr:templates/user_edit.jinja2', permission='view')
+def user_edit(request):
+
+    name = request.matchdict['name']
+    url = request.route_url('user_edit', name=name)
+    if request.authenticated_userid == 'admin':
+        url_retour = request.route_url('users')
+    else:
+        url_retour = request.route_url('home')
+
+    if name == '0':
+        # nouvel utilisateur
+        user = User()
+        form = UserCreateForm(request.POST, user)
+        page_title = "Nouvel utilisateur"
+    else:
+        # lire la fiche du user 
+        user = UserService.by_name(request, name)
+        if not user:
+            request.session.flash("Utilisateur non trouvé : %s" % name, 'danger')
+            return HTTPFound(location=url_retour)
+
+        form = UserCreateForm(request.POST, user)
+        page_title = "Modification utilisateur"
+
 
-    # nouveau
-    form = UserCreateForm(request.POST)
- 
     if 'form.submitted' in request.params and form.validate():
-        # créer nouveau
-        new_user = User(name=form.username.data)
-        new_user.set_password(form.password.data.encode('utf8'))
-        request.dbsession.add(new_user)
-        return HTTPFound(location=request.route_url('users'))
+        if name == '0':
+            # controle que le password a moins 6 car
+            if len(form.password.data) < 6 :
+                request.session.flash(u"Le mot de passe doit avoir au moins 6 caractères", 'danger')
+                return HTTPFound(location=url)
+
+            # controler que le nouvel user n'existe pas dans la BD 
+            new_user = UserService.by_name(request, form.name.data)
+            if new_user:
+                request.session.flash("Utilisateur déjà créé : %s" % form.name.data, 'danger')
+                return HTTPFound(location=url)
+
+            form.populate_obj(user)
+            user.set_password(form.password.data.encode('utf8'))
+            # créer le nouveau
+            request.dbsession.add(user)
+            request.session.flash("La fiche a été créée avec succès.", 'success')
+            return HTTPFound(location=url_retour)
+        else:
+            del form.name  # SECURITY: prevent overwriting of primary key
+            form.populate_obj(user)
+            user.set_password(form.password.data.encode('utf8'))
+            request.session.flash("La fiche a été modifiée avec succès.", 'success')
+            return HTTPFound(location=url_retour)
     
+    if 'form.deleted' in request.params:
+        UserService.delete(request, user.id)
+        request.session.flash("La fiche a été supprimée avec succès.", 'success')
+        return HTTPFound(location=url_retour)
+
     return {
-        'page_title': 'Nouvel utilsateur',
+        'page_title': page_title,
         'form': form, 
+        'url': url,
+        'url_retour': url_retour,
         'name': name,
         }
 
 
-@view_config(route_name='user_pwd', renderer='cao_blogr:templates/user_pwd.jinja2', permission='manage')
-def user_pwd(request):
-    # reset password or delete user
-    name = request.matchdict['name']
 
-    # lire la fiche du membre 
-    entry = UserService.by_name(request, name)
-    if not entry:
-        request.session.flash(u"Utilisateur non trouvé : %s" % name, 'warning')
-        return HTTPFound(location=request.route_url('users'))
-
-    if 'form.submitted' in request.params:
-        mdp = request.params["new_password"]
-        entry.set_password(mdp.encode('utf8'))
-        return HTTPFound(location=request.route_url('users'))
-
-    if 'form.deleted' in request.params:
-        UserService.delete(request, entry.id)
-        request.session.flash("La fiche a été supprimée avec succès.", 'success')
-        return HTTPFound(location=request.route_url('users'))
-
-    
-    return {
-        'page_title': "Utilisateur : %s" %(entry.name),
-        'entry': entry,
-    }