améliorer la saisie des ustilisateurs

cao_blogr/forms.py

@@ -1,6 +1,6 @@
 from wtforms import Form, StringField, TextAreaField, SelectField, validators
 from wtforms import IntegerField, PasswordField
-from wtforms.validators import InputRequired, Length
+from wtforms.validators import InputRequired, Length, EqualTo
 from wtforms.widgets import HiddenInput
 
 strip_filter = lambda x: x.strip() if x else None
@@ -22,13 +22,15 @@ class BlogSearchForm(Form):
 
 class TagForm(Form):
     id = IntegerField(widget=HiddenInput())
-
     tag = StringField('Tag', validators=[InputRequired(), Length(min=1, max=25)],
                         filters=[strip_filter])
 
 
 class UserCreateForm(Form):
-    username = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
+    id = IntegerField(widget=HiddenInput())
+    name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
                            filters=[strip_filter])
-    password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)])
+    password = PasswordField('Mot de passe')
+
+    confirm = PasswordField('Confirmer', validators=[EqualTo('password', message='Les 2 Passwords doivent être identiques')])
 

cao_blogr/routes.py

@@ -10,5 +10,4 @@ def includeme(config):
     config.add_route('tags', '/tags')
     config.add_route('tag_edit', '/tag_edit/{id}')
     config.add_route('users', '/users')
-    config.add_route('user_add', '/user_add/{name}')
+    config.add_route('user_edit', '/user_edit/{name}')
-    config.add_route('user_pwd', '/user_pwd/{name}')

cao_blogr/templates/layout.jinja2

@@ -42,6 +42,10 @@
             <ul class="dropdown-menu">
               {% if request.authenticated_userid == 'admin' %}
                 <li><a href="{{request.route_url('users')}}"><span class="glyphicon glyphicon-user"></span>&nbsp;&nbsp;Utilisateurs</a></li>
+              {% else %}
+                <li><a href="{{request.route_url('user_edit', name=request.authenticated_userid)}}">
+                  <span class="glyphicon glyphicon-user"></span>&nbsp;&nbsp;Modifier le mot de passe</a>
+                </li>
               {% endif %}
               <li><a href="{{ request.route_url('tags') }}"><span class="glyphicon glyphicon-tag"></span>&nbsp;&nbsp;Tags</a></li>
               <li><a href="{{ request.route_url('logout') }}"><span class="glyphicon glyphicon-off"></span>&nbsp;&nbsp;Se déconnecter</a></li>

cao_blogr/templates/user_add.jinja2

@@ -1,34 +0,0 @@
-{% extends "cao_blogr:templates/layout.jinja2" %}
-
-{% block content %}
-
-    <form action="{{request.route_url('user_add', name=name)}}" method="post" class="form">
-
-        {% for error in form.username.errors %}
-            <div class="error">{{ error }}</div>
-        {% endfor %}
-
-        <div class="form-group">
-            <label class="required-field" for="username">{{form.username.label}}</label>
-            {{form.username(class_='form-control')}}
-        </div>
-
-        {% for error in form.password.errors %}
-            <div class="error">{{error}}</div>
-        {% endfor %}
-
-        <div class="form-group">
-            <label class="required-field" for="password">{{form.password.label}}</label>
-            {{form.password(class_='form-control')}}
-        </div>
-
-        <div class="form-group">					
-            <a class="btn btn-default" href="{{ request.route_url('users') }}"><span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
-            <button class="btn btn-primary" type="submit" name="form.submitted">
-                <span class="glyphicon glyphicon-ok"></span> Enregistrer</button>
-        </div>
-
-
-    </form>
-
-{% endblock %}

cao_blogr/templates/user_edit.jinja2

@@ -0,0 +1,44 @@
+{% extends "cao_blogr:templates/layout.jinja2" %}
+
+{% block content %}
+
+    <form action="{{ url }}" method="post" class="form">
+
+        {% for error in form.name.errors %}
+            <div class="error">{{ error }}</div>
+        {% endfor %}
+
+        <div class="form-group">
+            <label class="required-field" for="name">{{form.name.label}}</label>
+            {{form.name(class_='form-control')}}
+        </div>
+
+        <div class="form-group">
+            <label class="required-field" for="password">{{form.password.label}}</label>
+            {{form.password(class_='form-control')}}
+        </div>
+
+        {% for error in form.confirm.errors %}
+            <div class="error">{{error}}</div>
+        {% endfor %}
+
+        <div class="form-group">
+            <label class="required-field" for="confirm">{{form.confirm.label}}</label>
+            {{form.confirm(class_='form-control')}}
+        </div>
+
+        <div class="form-group">					
+            <a class="btn btn-default" href="{{ url_retour }}"><span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
+            <button class="btn btn-primary" type="submit" name="form.submitted">
+                <span class="glyphicon glyphicon-ok"></span> Enregistrer</button>
+            {% if form.id.data and request.authenticated_userid == 'admin' %}
+                <button class="btn btn-warning" type="submit" name="form.deleted">
+                    <span class="glyphicon glyphicon-remove"></span> Supprimer</button>
+            {% endif %}
+            
+        </div>
+
+
+    </form>
+
+{% endblock %}

cao_blogr/templates/users.jinja2

@@ -4,7 +4,7 @@
     <p>
         <a href="{{ request.route_url('home' ) }}" class="btn btn-default" role="button">
             <span class="glyphicon glyphicon-chevron-left"></span> Retour</a>
-        <a href="{{ request.route_url('user_add', name='new') }}" class="btn btn-success" role="button">
+        <a href="{{ request.route_url('user_edit', name='0') }}" class="btn btn-success" role="button">
             <span class="glyphicon glyphicon-plus"></span> Nouvel utilisateur</a>
     </p>
 
@@ -20,7 +20,7 @@
             <tr>
                 <td>{{ entry.id }}</td>
                 <td>
-                    <a href="{{ request.route_url('user_pwd', name=entry.name) }}">
+                    <a href="{{ request.route_url('user_edit', name=entry.name) }}">
                         {{ entry.name }}
                     </a>
                     </td>

cao_blogr/views/default.py

@@ -84,50 +84,70 @@ def users(request):
         }
 
 
-@view_config(route_name='user_add', renderer='cao_blogr:templates/user_add.jinja2', permission='manage')
+@view_config(route_name='user_edit', renderer='cao_blogr:templates/user_edit.jinja2', permission='view')
-def user_add(request):
+def user_edit(request):
-    name = request.matchdict['name']
+
+    name = request.matchdict['name']
+    url = request.route_url('user_edit', name=name)
+    if request.authenticated_userid == 'admin':
+        url_retour = request.route_url('users')
+    else:
+        url_retour = request.route_url('home')
+
+    if name == '0':
+        # nouvel utilisateur
+        user = User()
+        form = UserCreateForm(request.POST, user)
+        page_title = "Nouvel utilisateur"
+    else:
+        # lire la fiche du user 
+        user = UserService.by_name(request, name)
+        if not user:
+            request.session.flash("Utilisateur non trouvé : %s" % name, 'danger')
+            return HTTPFound(location=url_retour)
+
+        form = UserCreateForm(request.POST, user)
+        page_title = "Modification utilisateur"
+
 
-    # nouveau
-    form = UserCreateForm(request.POST)
- 
     if 'form.submitted' in request.params and form.validate():
-        # créer nouveau
+        if name == '0':
-        new_user = User(name=form.username.data)
+            # controle que le password a moins 6 car
-        new_user.set_password(form.password.data.encode('utf8'))
+            if len(form.password.data) < 6 :
-        request.dbsession.add(new_user)
+                request.session.flash(u"Le mot de passe doit avoir au moins 6 caractères", 'danger')
-        return HTTPFound(location=request.route_url('users'))
+                return HTTPFound(location=url)
+
+            # controler que le nouvel user n'existe pas dans la BD 
+            new_user = UserService.by_name(request, form.name.data)
+            if new_user:
+                request.session.flash("Utilisateur déjà créé : %s" % form.name.data, 'danger')
+                return HTTPFound(location=url)
+
+            form.populate_obj(user)
+            user.set_password(form.password.data.encode('utf8'))
+            # créer le nouveau
+            request.dbsession.add(user)
+            request.session.flash("La fiche a été créée avec succès.", 'success')
+            return HTTPFound(location=url_retour)
+        else:
+            del form.name  # SECURITY: prevent overwriting of primary key
+            form.populate_obj(user)
+            user.set_password(form.password.data.encode('utf8'))
+            request.session.flash("La fiche a été modifiée avec succès.", 'success')
+            return HTTPFound(location=url_retour)
     
+    if 'form.deleted' in request.params:
+        UserService.delete(request, user.id)
+        request.session.flash("La fiche a été supprimée avec succès.", 'success')
+        return HTTPFound(location=url_retour)
+
     return {
-        'page_title': 'Nouvel utilsateur',
+        'page_title': page_title,
         'form': form, 
+        'url': url,
+        'url_retour': url_retour,
         'name': name,
         }
 
 
-@view_config(route_name='user_pwd', renderer='cao_blogr:templates/user_pwd.jinja2', permission='manage')
-def user_pwd(request):
-    # reset password or delete user
-    name = request.matchdict['name']
 
-    # lire la fiche du membre 
-    entry = UserService.by_name(request, name)
-    if not entry:
-        request.session.flash(u"Utilisateur non trouvé : %s" % name, 'warning')
-        return HTTPFound(location=request.route_url('users'))
-
-    if 'form.submitted' in request.params:
-        mdp = request.params["new_password"]
-        entry.set_password(mdp.encode('utf8'))
-        return HTTPFound(location=request.route_url('users'))
-
-    if 'form.deleted' in request.params:
-        UserService.delete(request, entry.id)
-        request.session.flash("La fiche a été supprimée avec succès.", 'success')
-        return HTTPFound(location=request.route_url('users'))
-
-    
-    return {
-        'page_title': "Utilisateur : %s" %(entry.name),
-        'entry': entry,
-    }