Implement user disabling

Yusur 2023-07-12 15:43:16 +02:00
parent 09bbbd74a4
commit 1bbf7eebfe
4 changed files with 44 additions and 5 deletions

2
.gitignore vendored

@ -9,6 +9,8 @@ run_8180.py
alembic.ini alembic.ini
venv/ venv/
venv-*/ venv-*/
.venv
env
# automatically generated garbage # automatically generated garbage
**/__pycache__/ **/__pycache__/


@ -13,6 +13,7 @@
+ Changed user page URLs (contributions page) from `/u/user` to `/@user`. + Changed user page URLs (contributions page) from `/u/user` to `/@user`.
+ `/manage/` is now a list of all managing options, including export/import and the brand new + `/manage/` is now a list of all managing options, including export/import and the brand new
`/manage/accounts`. `/manage/accounts`.
+ Users can now be disabled (and re-enabled) by administrator.
+ TOC is now shown in pages when screen width is greater than 960 pixels. + TOC is now shown in pages when screen width is greater than 960 pixels.
+ Style changes: added a top bar with the site title. It replaces the floating menu on the top right. + Style changes: added a top bar with the site title. It replaces the floating menu on the top right.
+ Now logged-in users have an “Edit” button below the first heading. All users can access page history + Now logged-in users have an “Edit” button below the first heading. All users can access page history

32
app.py

@ -534,7 +534,7 @@ def init_db_and_create_first_user():
if password != confirm_password: if password != confirm_password:
print('Passwords do not match.') print('Passwords do not match.')
return return
default_permissions = 31 # all permissions default_permissions = PERM_ALL # all permissions
if not input('Agree to the Terms of Use?')[0].lower() == 'y': if not input('Agree to the Terms of Use?')[0].lower() == 'y':
print('You must accept Terms in order to register.') print('You must accept Terms in order to register.')
return return
@ -680,7 +680,9 @@ def _inject_variables():
@login_manager.user_loader @login_manager.user_loader
def _inject_user(userid): def _inject_user(userid):
return User[userid] u = User[userid]
if not u.is_disabled:
return u
@app.template_filter() @app.template_filter()
def linebreaks(text): def linebreaks(text):
@ -987,7 +989,7 @@ def contributions(username):
except User.DoesNotExist: except User.DoesNotExist:
abort(404) abort(404)
contributions = user.contributions.order_by(PageRevision.pub_date.desc()) contributions = user.contributions.order_by(PageRevision.pub_date.desc())
return render_template('contributions.jinja2', return render_paginated_template('contributions.jinja2',
"contributions", "contributions",
u=user, u=user,
contributions=contributions, contributions=contributions,
@ -1097,6 +1099,10 @@ def accounts_login():
except User.DoesNotExist: except User.DoesNotExist:
flash('Invalid username or password.') flash('Invalid username or password.')
else: else:
if user.is_disabled:
flash("Your account is disabled.")
return render_template("login.jinja2")
remember_for = int(request.form['remember']) remember_for = int(request.form['remember'])
if remember_for > 0: if remember_for > 0:
login_user(user, remember=True, login_user(user, remember=True,
@ -1119,6 +1125,7 @@ def accounts_register():
return render_template('register.jinja2') return render_template('register.jinja2')
if not request.form['legal']: if not request.form['legal']:
flash('You must accept Terms in order to register.') flash('You must accept Terms in order to register.')
return render_template('register.jinja2')
try: try:
with database.atomic(): with database.atomic():
u = User.create( u = User.create(
@ -1333,7 +1340,24 @@ def manage_accounts():
page = int(request.args.get('page', 1)) page = int(request.args.get('page', 1))
if request.method == 'POST': if request.method == 'POST':
if current_user.is_admin: if current_user.is_admin:
pass action = request.form.get("action")
userids = []
if action == "disable":
for key in request.form.keys():
if key.startswith("u") and key[1:].isdigit():
userids.append(int(key[1:]))
uu = 0
for uid in userids:
try:
u = User[uid]
except User.DoesNotExist:
continue
u.is_disabled = not u.is_disabled
u.save()
uu += 1
flash(f"Successfully disabled {uu} users!")
else:
flash("Unknown action")
else: else:
flash('Operation not permitted!') flash('Operation not permitted!')
return render_paginated_template('manageaccounts.jinja2', 'users', users=users) return render_paginated_template('manageaccounts.jinja2', 'users', users=users)
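Review bot: In the `manage_accounts` POST handler the "disable" action flips the flag with `u.is_disabled = not u.is_disabled`, so a selected account that is already disabled is re-enabled while the flash still reports "Successfully disabled {uu} users!". A double submit or a mixed selection can therefore silently restore access to an account an administrator meant to lock. Setting `u.is_disabled = True` here and handling re-enabling as a separate `enable` action, with its own option in the template's `<select name="action">`, would make the operation idempotent and the message accurate. The loop also has no guard against an administrator selecting their own account, which `_inject_user` would then refuse to load; `if u == current_user: continue` before the assignment avoids that lockout. The function body begins outside the hunk.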


@ -24,9 +24,12 @@
{% for u in users %} {% for u in users %}
<li> <li>
<input type="checkbox" name="u{{ u.id }}"> <input type="checkbox" name="u{{ u.id }}" value="1">
{% if u.is_disabled %}<del>{% endif %}
<a href="/@{{ u.username }}">{{ u.username }}</a> <a href="/@{{ u.username }}">{{ u.username }}</a>
{% if u.is_disabled %}</del>{% endif %}
{% if u == current_user %}<strong>(you)</strong>{% endif %} {% if u == current_user %}<strong>(you)</strong>{% endif %}
{% if u.is_disabled %}<strong>(disabled)</strong>{% endif %}
- -
Groups: Groups:
<ul class="inline"> <ul class="inline">
@ -44,6 +47,15 @@
<li class="nl-next"><a href="?page={{ page_n + 1 }}">Next page &raquo;</a></li> <li class="nl-next"><a href="?page={{ page_n + 1 }}">Next page &raquo;</a></li>
{% endif %} {% endif %}
</ul> </ul>
<div>
<select name="action">
<option selected value="-">Select an action</option>
<option value="disable">Disable selected accounts</option>
</select>
<input type="submit" value="Submit">
</div>
</form> </form>
{% else %} {% else %}
<p>Managing accounts can be done by users with Admin permissions only.</p> <p>Managing accounts can be done by users with Admin permissions only.</p>
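Review bot: No anti-CSRF token field is visible among the form controls added in the second hunk, and the handler lines shown in app.py read `request.form.get("action")` without any token check. If nothing outside these hunks covers it, an administrator's browser could be made to submit this account-disabling POST from another origin. The opening `<form>` tag is outside the hunk, so confirm whether a token is already rendered there or enforced globally; if not, add a hidden per-session token input next to the `<select name="action">` and validate it server-side before acting on `action`.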