diff options
| author | rubenwardy <rw@rubenwardy.com> | 2018-03-24 19:37:33 +0000 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2018-03-24 19:37:33 +0000 |
| commit | 69efdd7fdeca8f278da4c511d4b3aef4cdab1129 (patch) | |
| tree | d90629d1c291bf299fc2658f3d8cb7375d0a6e9e /app/views/users.py | |
| parent | f51224a8d5b2204798611465c77308c90839730b (diff) | |
| download | cheatdb-69efdd7fdeca8f278da4c511d4b3aef4cdab1129.tar.xz | |
Add user rank changing
Fixes #14
Diffstat (limited to 'app/views/users.py')
| -rw-r--r-- | app/views/users.py | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/app/views/users.py b/app/views/users.py index 37387db..3ac37c2 100644 --- a/app/views/users.py +++ b/app/views/users.py @@ -4,20 +4,18 @@ from flask_login import login_user, logout_user from flask.ext import menu from app import app from app.models import * - - - -# Define the User registration form -# It augments the Flask-User RegisterForm with additional fields -from flask_user.forms import RegisterForm from flask_wtf import FlaskForm -from wtforms import StringField, SubmitField, validators +from flask_user.forms import RegisterForm +from wtforms import * +from wtforms.validators import * + class MyRegisterForm(RegisterForm): display_name = StringField("Display name") # Define the User profile form class UserProfileForm(FlaskForm): display_name = StringField("Display name") + rank = SelectField("Rank", [InputRequired()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER) submit = SubmitField("Save") @app.route("/users/", methods=["GET"]) @@ -33,20 +31,28 @@ def user_profile_page(username): abort(404) form = None - if user == current_user: + if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK): # Initialize form - form = UserProfileForm(formdata=request.form, obj=current_user) + form = UserProfileForm(formdata=request.form, obj=user) # Process valid POST if request.method=="POST" and form.validate(): # Copy form fields to user_profile fields - form.populate_obj(current_user) + if user == current_user: + user.display_name = form["display_name"].data + + if user.checkPerm(current_user, Permission.CHANGE_RANK): + newRank = form["rank"].data + if current_user.rank.atLeast(newRank): + user.rank = form["rank"].data + else: + flash("Can't promote a user to a rank higher than yourself!", "error") # Save user_profile db.session.commit() # Redirect to home page - return redirect(url_for("home_page")) + return redirect(url_for("user_profile_page", username=username)) # Process GET or invalid POST return render_template("users/user_profile_page.html", |