diff --git a/.gitignore b/.gitignore index 0bd0625..bdac4f8 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,8 @@ run_8180.py alembic.ini venv/ venv-*/ +.venv +env # automatically generated garbage **/__pycache__/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b068eb..4565eda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ + Changed user page URLs (contributions page) from `/u/user` to `/@user`. + `/manage/` is now a list of all managing options, including export/import and the brand new `/manage/accounts`. ++ Users can now be disabled (and re-enabled) by administrator. + TOC is now shown in pages when screen width is greater than 960 pixels. + Style changes: added a top bar with the site title. It replaces the floating menu on the top right. + Now logged-in users have an “Edit” button below the first heading. All users can access page history diff --git a/app.py b/app.py index 05e236f..ef2f36d 100644 --- a/app.py +++ b/app.py @@ -534,7 +534,7 @@ def init_db_and_create_first_user(): if password != confirm_password: print('Passwords do not match.') return - default_permissions = 31 # all permissions + default_permissions = PERM_ALL # all permissions if not input('Agree to the Terms of Use?')[0].lower() == 'y': print('You must accept Terms in order to register.') return @@ -680,7 +680,9 @@ def _inject_variables(): @login_manager.user_loader def _inject_user(userid): - return User[userid] + u = User[userid] + if not u.is_disabled: + return u @app.template_filter() def linebreaks(text): @@ -987,7 +989,7 @@ def contributions(username): except User.DoesNotExist: abort(404) contributions = user.contributions.order_by(PageRevision.pub_date.desc()) - return render_template('contributions.jinja2', + return render_paginated_template('contributions.jinja2', "contributions", u=user, contributions=contributions, @@ -1097,6 +1099,10 @@ def accounts_login(): except User.DoesNotExist: flash('Invalid username or password.') else: + if user.is_disabled: + flash("Your account is disabled.") + return render_template("login.jinja2") + remember_for = int(request.form['remember']) if remember_for > 0: login_user(user, remember=True, @@ -1119,6 +1125,7 @@ def accounts_register(): return render_template('register.jinja2') if not request.form['legal']: flash('You must accept Terms in order to register.') + return render_template('register.jinja2') try: with database.atomic(): u = User.create( @@ -1333,7 +1340,24 @@ def manage_accounts(): page = int(request.args.get('page', 1)) if request.method == 'POST': if current_user.is_admin: - pass + action = request.form.get("action") + userids = [] + if action == "disable": + for key in request.form.keys(): + if key.startswith("u") and key[1:].isdigit(): + userids.append(int(key[1:])) + uu = 0 + for uid in userids: + try: + u = User[uid] + except User.DoesNotExist: + continue + u.is_disabled = not u.is_disabled + u.save() + uu += 1 + flash(f"Successfully disabled {uu} users!") + else: + flash("Unknown action") else: flash('Operation not permitted!') return render_paginated_template('manageaccounts.jinja2', 'users', users=users) diff --git a/templates/manageaccounts.jinja2 b/templates/manageaccounts.jinja2 index 7689dc8..8cce7c9 100644 --- a/templates/manageaccounts.jinja2 +++ b/templates/manageaccounts.jinja2 @@ -24,9 +24,12 @@ {% for u in users %}
  • - + + {% if u.is_disabled %}{% endif %} {{ u.username }} + {% if u.is_disabled %}{% endif %} {% if u == current_user %}(you){% endif %} + {% if u.is_disabled %}(disabled){% endif %} - Groups: + +
    + + + +
    {% else %}

    Managing accounts can be done by users with Admin permissions only.