From 85f8423a3901b4b05e5d7f7f4503337308c33e0f Mon Sep 17 00:00:00 2001 From: Phuoc CAO Date: Wed, 28 Jun 2023 16:55:36 +0200 Subject: [PATCH] merge user_add and user_pwd into user_edit --- ctp_blogr.sqlite | Bin 573440 -> 573440 bytes ctp_blogr/__init__.py | 2 +- ctp_blogr/forms.py | 9 ++- ctp_blogr/routes.py | 3 +- ctp_blogr/templates/layout.jinja2 | 4 ++ ctp_blogr/templates/user_add.jinja2 | 34 ---------- ctp_blogr/templates/user_edit.jinja2 | 55 +++++++++++++++ ctp_blogr/templates/user_pwd.jinja2 | 30 --------- ctp_blogr/templates/users.jinja2 | 4 +- ctp_blogr/views/default.py | 97 ++++++++++++++++----------- 10 files changed, 127 insertions(+), 111 deletions(-) delete mode 100644 ctp_blogr/templates/user_add.jinja2 create mode 100644 ctp_blogr/templates/user_edit.jinja2 delete mode 100644 ctp_blogr/templates/user_pwd.jinja2 diff --git a/ctp_blogr.sqlite b/ctp_blogr.sqlite index 8df54e86a38545bab98ce2d5f3a788dd44a6ad28..f35ca23ff4c88e229b1a9049e643793ba31efc20 100644 GIT binary patch delta 331 zcmZo@P;O{Yo*>PrJyFJ)RhvOi;>5<3YQK6T=b}{Sa3lAybf2&YSKo4#0Av3mH|GfF z%2cyVM|Y11$4ryFY?sPJA8)f_|Df=^iU5DN#2~}WtVC14j3D>YurNI*zx=RD!+`Yi zD7S0_qnz@r5~nhKgJ6$fw=zRZJ^v~v14APNBV%0yGhHJK1w%6{V`D2Lb3G$NQ*$O$ z)6EI~%M=(DC$kp>GchS{jwv|G$gIblIQf5>EPrB2W`16=LO^9vVs2)NzMqdS>Rv<_0Fy3pcZgx1aH40%B$$W&vVW PAZ7z%_U&hUIZTQGw_jwv delta 340 zcmZo@P;O{Yo*>PrHc`fzRgFQZ>6z0#A3i^YVO z3j`H-xq!|v&^55oHM9UZ!^FbM*svg@G(QK&|c>5V&CLm@8Viq7~1!6WJ MX5W6sm&2q80Lr^#bN~PV diff --git a/ctp_blogr/__init__.py b/ctp_blogr/__init__.py index 680d01c..20ebb3a 100644 --- a/ctp_blogr/__init__.py +++ b/ctp_blogr/__init__.py @@ -10,7 +10,7 @@ def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ # session factory - my_session_factory = SignedCookieSessionFactory('mGcAJn2HmNH6Hc') + my_session_factory = SignedCookieSessionFactory('hZug2zPt7hT2MZ') authentication_policy = AuthTktAuthenticationPolicy('J2wv322aL5DTn2', callback=groupfinder, hashalg='sha512', timeout=36000) diff --git a/ctp_blogr/forms.py b/ctp_blogr/forms.py index aefbc00..03d0480 100644 --- a/ctp_blogr/forms.py +++ b/ctp_blogr/forms.py @@ -1,6 +1,6 @@ from wtforms import Form, StringField, TextAreaField, SelectField, DecimalField from wtforms import IntegerField, PasswordField -from wtforms.validators import InputRequired, Length +from wtforms.validators import InputRequired, Length, EqualTo from wtforms.widgets import HiddenInput strip_filter = lambda x: x.strip() if x else None @@ -26,8 +26,11 @@ class TagForm(Form): class UserCreateForm(Form): - username = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], filters=[strip_filter]) - password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)]) + id = IntegerField(widget=HiddenInput()) + name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], + filters=[strip_filter]) + password = PasswordField('Mot de passe') + confirm = PasswordField('Confirmer', validators=[EqualTo('password', message='Les 2 Passwords doivent être identiques')]) class HistoForm(Form): no_id = IntegerField(widget=HiddenInput()) diff --git a/ctp_blogr/routes.py b/ctp_blogr/routes.py index 1a665f3..5ffef17 100644 --- a/ctp_blogr/routes.py +++ b/ctp_blogr/routes.py @@ -11,8 +11,7 @@ def includeme(config): config.add_route('tags', '/tags') config.add_route('tag_edit', '/tag_edit/{id}') config.add_route('users', '/users') - config.add_route('user_add', '/user_add/{name}') - config.add_route('user_pwd', '/user_pwd/{name}') + config.add_route('user_edit', '/user_edit/{name}') # portfolio config.add_route('actif_edit', '/actif_edit/{no_id}') config.add_route('actif2_edit', '/actif2_edit/{no_id}') diff --git a/ctp_blogr/templates/layout.jinja2 b/ctp_blogr/templates/layout.jinja2 index 45e2f4c..2a26e13 100644 --- a/ctp_blogr/templates/layout.jinja2 +++ b/ctp_blogr/templates/layout.jinja2 @@ -42,6 +42,10 @@
    {% if request.authenticated_userid == 'admin' %}
  •   Utilisateurs
    • + {% else %} +
  • +   Modifier le mot de passe +
    • {% endif %}
  •   Portfolio
  •   Tags
    • diff --git a/ctp_blogr/templates/user_add.jinja2 b/ctp_blogr/templates/user_add.jinja2 deleted file mode 100644 index 444cacb..0000000 --- a/ctp_blogr/templates/user_add.jinja2 +++ /dev/null @@ -1,34 +0,0 @@ -{% extends "layout.jinja2" %} - -{% block content %} - -
    - - {% for error in form.username.errors %} -
    {{ error }}
    - {% endfor %} - -
    - - {{form.username(class_='form-control')}} -
    - - {% for error in form.password.errors %} -
    {{error}}
    - {% endfor %} - -
    - - {{form.password(class_='form-control')}} -
    - -
    - Retour - -
    - - -
    - -{% endblock %} diff --git a/ctp_blogr/templates/user_edit.jinja2 b/ctp_blogr/templates/user_edit.jinja2 new file mode 100644 index 0000000..929cc95 --- /dev/null +++ b/ctp_blogr/templates/user_edit.jinja2 @@ -0,0 +1,55 @@ +{% extends "layout.jinja2" %} + +{% block content %} + + {% if message %} +
    + {{ message }} +
    + {% endif %} + +
    + + {% for error in form.name.errors %} +
    {{ error }}
    + {% endfor %} + +
    + + {% if form.id.data %} + + {% else %} + {{form.name(class_='form-control')}} + {% endif %} +
    + +
    + + {{form.password(class_='form-control')}} +
    + + {% for error in form.confirm.errors %} +
    {{error}}
    + {% endfor %} + +
    + + {{form.confirm(class_='form-control')}} +
    + +
    +
    + Retour + + {% if form.id.data and request.authenticated_userid == 'admin' %} + + {% endif %} + +
    + + +
    + +{% endblock %} diff --git a/ctp_blogr/templates/user_pwd.jinja2 b/ctp_blogr/templates/user_pwd.jinja2 deleted file mode 100644 index fa90e7c..0000000 --- a/ctp_blogr/templates/user_pwd.jinja2 +++ /dev/null @@ -1,30 +0,0 @@ -{% extends "layout.jinja2" %} - -{% block content %} - -
    - -
    - - -
    - -
    -
    - Dernière connexion : - {{ entry.last_logged.strftime("%d-%m-%Y - %H:%M") }}
    -
    - -
    - Retour - - {% if name != 'new' %} - - {% endif %} -
    - -
    - -{% endblock %} diff --git a/ctp_blogr/templates/users.jinja2 b/ctp_blogr/templates/users.jinja2 index 22ef3f5..46d697c 100644 --- a/ctp_blogr/templates/users.jinja2 +++ b/ctp_blogr/templates/users.jinja2 @@ -4,7 +4,7 @@

    Retour - + Nouvel utilisateur

    @@ -20,7 +20,7 @@ {{ entry.id }} - + {{ entry.name }} diff --git a/ctp_blogr/views/default.py b/ctp_blogr/views/default.py index df7afb8..8fd2551 100644 --- a/ctp_blogr/views/default.py +++ b/ctp_blogr/views/default.py @@ -82,51 +82,70 @@ def users(request): 'users': users } - -@view_config(route_name='user_add', renderer='../templates/user_add.jinja2', permission='manage') -def user_add(request): +@view_config(route_name='user_edit', renderer='ctp_blogr:templates/user_edit.jinja2', permission='view') +def user_edit(request): + message = '' name = request.matchdict['name'] + url = request.route_url('user_edit', name=name) + if request.authenticated_userid == 'admin': + url_retour = request.route_url('users') + else: + url_retour = request.route_url('home') + + if name == '0': + # nouvel utilisateur + user = User() + form = UserCreateForm(request.POST, user) + page_title = "Nouvel utilisateur" + else: + # lire la fiche du user + user = UserService.by_name(request, name) + if not user: + request.session.flash("Utilisateur non trouvé : %s" % name, 'danger') + return HTTPFound(location=url_retour) + + form = UserCreateForm(request.POST, user) + page_title = "Modification utilisateur" + - # nouveau - form = UserCreateForm(request.POST) - if 'form.submitted' in request.params and form.validate(): - # créer nouveau - new_user = User(name=form.username.data) - new_user.set_password(form.password.data.encode('utf8')) - request.dbsession.add(new_user) - return HTTPFound(location=request.route_url('users')) + # controle que le password a moins 6 car + if len(form.password.data) < 6 : + message = "Le mot de passe doit avoir au moins 6 caractères" + else: + if name == '0': + # création user + # controler que le nouvel user n'existe pas dans la BD + new_user = UserService.by_name(request, form.name.data) + if new_user: + message = "Utilisateur déjà créé : %s" % form.name.data + else: + form.populate_obj(user) + user.set_password(form.password.data.encode('utf8')) + # créer le nouveau + request.dbsession.add(user) + request.session.flash("La fiche a été créée avec succès.", 'success') + return HTTPFound(location=url_retour) + + else: + # modification user + del form.name # SECURITY: prevent overwriting of primary key + form.populate_obj(user) + user.set_password(form.password.data.encode('utf8')) + request.session.flash("La fiche a été modifiée avec succès.", 'success') + return HTTPFound(location=url_retour) + if 'form.deleted' in request.params: + UserService.delete(request, user.id) + request.session.flash("La fiche a été supprimée avec succès.", 'success') + return HTTPFound(location=url_retour) + return { - 'page_title': 'Nouvel utilsateur', + 'page_title': page_title, + 'message': message, 'form': form, + 'url': url, + 'url_retour': url_retour, 'name': name, } - -@view_config(route_name='user_pwd', renderer='../templates/user_pwd.jinja2', permission='manage') -def user_pwd(request): - # reset password or delete user - name = request.matchdict['name'] - - # lire la fiche du membre - entry = UserService.by_name(request, name) - if not entry: - request.session.flash(u"Utilisateur non trouvé : %s" % name, 'warning') - return HTTPFound(location=request.route_url('users')) - - if 'form.submitted' in request.params: - mdp = request.params["new_password"] - entry.set_password(mdp.encode('utf8')) - return HTTPFound(location=request.route_url('users')) - - if 'form.deleted' in request.params: - UserService.delete(request, entry.id) - request.session.flash("La fiche a été supprimée avec succès.", 'success') - return HTTPFound(location=request.route_url('users')) - - - return { - 'page_title': "Utilisateur : %s" %(entry.name), - 'entry': entry, - }