diff --git a/cao_sunyata/forms.py b/cao_sunyata/forms.py index e78c6e4..6ca2961 100644 --- a/cao_sunyata/forms.py +++ b/cao_sunyata/forms.py @@ -1,6 +1,6 @@ from wtforms import Form, StringField, TextAreaField, SelectField, DateTimeField from wtforms import IntegerField, PasswordField -from wtforms.validators import InputRequired, Length, Email +from wtforms.validators import InputRequired, Length, EqualTo from wtforms.widgets import HiddenInput strip_filter = lambda x: x.strip() if x else None @@ -26,9 +26,11 @@ class BlogSearchForm(Form): filters=[strip_filter]) class UserCreateForm(Form): - username = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], + id = IntegerField(widget=HiddenInput()) + name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], filters=[strip_filter]) - password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)]) + password = PasswordField('Mot de passe') + confirm = PasswordField('Confirmer', validators=[EqualTo('password', message='Les 2 Passwords doivent être identiques')]) class TopicForm(Form): topic = StringField('Topic', validators=[InputRequired(), Length(min=1, max=25)], diff --git a/cao_sunyata/routes.py b/cao_sunyata/routes.py index 59ef6ba..198848e 100644 --- a/cao_sunyata/routes.py +++ b/cao_sunyata/routes.py @@ -15,5 +15,4 @@ def includeme(config): config.add_route('topic_edit', '/topic_edit/{topic}') config.add_route('topics', '/topics') config.add_route('users', '/users') - config.add_route('user_add', '/user_add/{name}') - config.add_route('user_pwd', '/user_pwd/{name}') + config.add_route('user_edit', '/user_edit/{name}') diff --git a/cao_sunyata/templates/layout.jinja2 b/cao_sunyata/templates/layout.jinja2 index 9154452..53a1063 100644 --- a/cao_sunyata/templates/layout.jinja2 +++ b/cao_sunyata/templates/layout.jinja2 @@ -37,26 +37,30 @@ 
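Review bot: The new hidden `id` field on `UserCreateForm` is bound from `request.POST` like any other field, so `form.populate_obj(user)` in `views/default.py` copies a client-supplied `id` onto the `User` object; the edit branch removes only `form.name` before populating. If `id` is the primary key (it is the value passed to `UserService.delete`), drop the field from the form or add `del form.id` next to `del form.name`. Separately, `password` lost `InputRequired()` and `Length(min=6)`, so the form itself no longer rejects an empty or short password and the rule lives only in the view. Keeping `validators=[InputRequired(), Length(min=6)]` on the field would hold the rule in one place and let the error render with the other field errors.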
diff --git a/cao_sunyata/templates/user_add.jinja2 b/cao_sunyata/templates/user_add.jinja2 deleted file mode 100644 index 444cacb..0000000 --- a/cao_sunyata/templates/user_add.jinja2 +++ /dev/null @@ -1,34 +0,0 @@ -{% extends "layout.jinja2" %} - -{% block content %} - -
- - {% for error in form.username.errors %} -
{{ error }}
- {% endfor %} - -
- - {{form.username(class_='form-control')}} -
- - {% for error in form.password.errors %} -
{{error}}
- {% endfor %} - -
- - {{form.password(class_='form-control')}} -
- -
- Retour - -
- - -
- -{% endblock %} diff --git a/cao_sunyata/templates/user_edit.jinja2 b/cao_sunyata/templates/user_edit.jinja2 new file mode 100644 index 0000000..929cc95 --- /dev/null +++ b/cao_sunyata/templates/user_edit.jinja2 @@ -0,0 +1,55 @@ +{% extends "layout.jinja2" %} + +{% block content %} + + {% if message %} +
+ {{ message }} +
+ {% endif %} + +
+ + {% for error in form.name.errors %} +
{{ error }}
+ {% endfor %} + +
+ + {% if form.id.data %} + + {% else %} + {{form.name(class_='form-control')}} + {% endif %} +
+ +
+ + {{form.password(class_='form-control')}} +
+ + {% for error in form.confirm.errors %} +
{{error}}
+ {% endfor %} + +
+ + {{form.confirm(class_='form-control')}} +
+ +
+
+ Retour + + {% if form.id.data and request.authenticated_userid == 'admin' %} + + {% endif %} + +
+ + +
+ +{% endblock %} diff --git a/cao_sunyata/templates/user_pwd.jinja2 b/cao_sunyata/templates/user_pwd.jinja2 deleted file mode 100644 index fa171ea..0000000 --- a/cao_sunyata/templates/user_pwd.jinja2 +++ /dev/null @@ -1,56 +0,0 @@ -{% extends "layout.jinja2" %} - -{% block content %} - -
- -
- - -
- -
-
- Dernière connexion : - {{ entry.last_logged.strftime("%d-%m-%Y - %H:%M") }} -
-
- -
- Retour - - {% if name != 'new' %} - - {% endif %} -
- -
- - - - -{% endblock %} diff --git a/cao_sunyata/templates/users.jinja2 b/cao_sunyata/templates/users.jinja2 index d10a556..f58d977 100644 --- a/cao_sunyata/templates/users.jinja2 +++ b/cao_sunyata/templates/users.jinja2 @@ -4,7 +4,7 @@

Retour - + Nouvel utilisateur

@@ -20,7 +20,7 @@ {{ entry.id }} - + {{ entry.name }} diff --git a/cao_sunyata/views/default.py b/cao_sunyata/views/default.py index c4f436c..217eaa6 100644 --- a/cao_sunyata/views/default.py +++ b/cao_sunyata/views/default.py 
@@ -187,58 +187,75 @@ def users(request): } -@view_config(route_name='user_add', - renderer='cao_sunyata:templates/user_add.jinja2', permission='manage') -def user_add(request): +@view_config(route_name='user_edit', renderer='cao_sunyata:templates/user_edit.jinja2', permission='view') +def user_edit(request): + message = '' name = request.matchdict['name'] + url = request.route_url('user_edit', name=name) + if request.authenticated_userid == 'admin': + url_retour = request.route_url('users') + else: + url_retour = request.route_url('home') + + if name == '0': + # nouvel utilisateur + user = User() + form = UserCreateForm(request.POST, user) + page_title = "Nouvel utilisateur" + else: + # lire la fiche du user + user = UserService.by_name(request, name) + if not user: + request.session.flash("Utilisateur non trouvé : %s" % name, 'danger') + return HTTPFound(location=url_retour) + + form = UserCreateForm(request.POST, user) + page_title = "Modification utilisateur" + - # nouveau - form = UserCreateForm(request.POST) - if 'form.submitted' in request.params and form.validate(): - # créer nouveau - new_user = User(name=form.username.data) - new_user.set_password(form.password.data.encode('utf8')) - request.dbsession.add(new_user) - return HTTPFound(location=request.route_url('users')) + # controle que le password a moins 6 car + if len(form.password.data) < 6 : + message = "Le mot de passe doit avoir au moins 6 caractères" + else: + if name == '0': + # création user + # controler que le nouvel user n'existe pas dans la BD + new_user = UserService.by_name(request, form.name.data) + if new_user: + message = "Utilisateur déjà créé : %s" % form.name.data + else: + form.populate_obj(user) + user.set_password(form.password.data.encode('utf8')) + # créer le nouveau + request.dbsession.add(user) + request.session.flash("La fiche a été créée avec succès.", 'success') + return HTTPFound(location=url_retour) + + else: + # modification user + del form.name # SECURITY: prevent 
overwriting of primary key + form.populate_obj(user) + user.set_password(form.password.data.encode('utf8')) + request.session.flash("La fiche a été modifiée avec succès.", 'success') + return HTTPFound(location=url_retour) + if 'form.deleted' in request.params: + UserService.delete(request, user.id) + request.session.flash("La fiche a été supprimée avec succès.", 'success') + return HTTPFound(location=url_retour) + return { - 'page_title': 'Nouvel utilisateur', + 'page_title': page_title, + 'message': message, 'form': form, + 'url': url, + 'url_retour': url_retour, 'name': name, } -@view_config(route_name='user_pwd', - renderer='cao_sunyata:templates/user_pwd.jinja2', permission='manage') -def user_pwd(request): - # reset password or delete user - name = request.matchdict['name'] - - # lire la fiche du membre - entry = UserService.by_name(request, name) - if not entry: - request.session.flash(u"Utilisateur non trouvé : %s" % name, 'warning') - return HTTPFound(location=request.route_url('users')) - - if 'form.submitted' in request.params: - mdp = request.params["new_password"] - entry.set_password(mdp.encode('utf8')) - return HTTPFound(location=request.route_url('users')) - - if 'form.deleted' in request.params: - UserService.delete(request, entry.id) - request.session.flash("La fiche a été supprimée avec succès.", 'success') - return HTTPFound(location=request.route_url('users')) - - - return { - 'page_title': "Utilisateur : %s" %(entry.name), - 'entry': entry, - } - -@view_config(route_name='topics', - renderer='cao_sunyata:templates/topics.jinja2', permission='view') +@view_config(route_name='topics', renderer='cao_sunyata:templates/topics.jinja2', permission='view') def topics(request): # get all topics topics = BlogRecordService.get_topics(request)
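Review bot: `user_edit` is registered with `permission='view'` where both replaced views required `'manage'`, and nothing in the body checks who is calling, so creating a user (`name == '0'`), resetting the password of whichever `{name}` is in the URL, and the `form.deleted` branch are all open to any principal that holds `view`. The `request.authenticated_userid == 'admin'` tests here and in `user_edit.jinja2` only pick the return URL and hide the delete button; they authorize nothing. Limit non-managers to their own record and require `manage` for create and delete, as sketched below; this assumes the userid is the user name, as the `'admin'` comparison suggests, and `HTTPForbidden` would need importing from `pyramid.httpexceptions` (the import block is outside this hunk). The delete branch also reads `request.params`, which includes the query string, so it should test `request.POST` and sit behind whatever CSRF check the application uses.

```python
def user_edit(request):
    # … unchanged: message, name, url, url_retour …
    can_manage = request.has_permission('manage')
    if not can_manage and name != request.authenticated_userid:
        # non-managers may only edit their own record; this also blocks name == '0'
        raise HTTPForbidden()
    # … unchanged: user lookup, form construction, create and update branches …
    if 'form.deleted' in request.POST:
        if not can_manage:
            raise HTTPForbidden()
        # … unchanged: UserService.delete, flash, redirect …
```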