yusur/salvi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement user disabling

Browse source
This commit is contained in:
Yusur 2023-07-12 15:43:16 +02:00
parent 09bbbd74a4
commit 1bbf7eebfe
4 changed files with 44 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -9,6 +9,8 @@ run_8180.py
alembic.ini
venv/
venv-*/
.venv
env
# automatically generated garbage
**/__pycache__/

1
CHANGELOG.md
View file

@ -13,6 +13,7 @@
+ Changed user page URLs (contributions page) from `/u/user` to `/@user`.
+ `/manage/` is now a list of all managing options, including export/import and the brand new
`/manage/accounts`.
+ Users can now be disabled (and re-enabled) by administrator.
+ TOC is now shown in pages when screen width is greater than 960 pixels.
+ Style changes: added a top bar with the site title. It replaces the floating menu on the top right.
+ Now logged-in users have an “Edit” button below the first heading. All users can access page history

32
app.py
View file

@ -534,7 +534,7 @@ def init_db_and_create_first_user():
if password != confirm_password:
print('Passwords do not match.')
return
default_permissions = 31 # all permissions
default_permissions = PERM_ALL # all permissions
if not input('Agree to the Terms of Use?')[0].lower() == 'y':
print('You must accept Terms in order to register.')
return
@ -680,7 +680,9 @@ def _inject_variables():
@login_manager.user_loader
def _inject_user(userid):
return User[userid]
u = User[userid]
if not u.is_disabled:
return u
@app.template_filter()
def linebreaks(text):
@ -987,7 +989,7 @@ def contributions(username):
except User.DoesNotExist:
abort(404)
contributions = user.contributions.order_by(PageRevision.pub_date.desc())
return render_template('contributions.jinja2',
return render_paginated_template('contributions.jinja2',
"contributions",
u=user,
contributions=contributions,
@ -1097,6 +1099,10 @@ def accounts_login():
except User.DoesNotExist:
flash('Invalid username or password.')
else:
if user.is_disabled:
flash("Your account is disabled.")
return render_template("login.jinja2")
remember_for = int(request.form['remember'])
if remember_for > 0:
login_user(user, remember=True,
@ -1119,6 +1125,7 @@ def accounts_register():
return render_template('register.jinja2')
if not request.form['legal']:
flash('You must accept Terms in order to register.')
return render_template('register.jinja2')
try:
with database.atomic():
u = User.create(
@ -1333,7 +1340,24 @@ def manage_accounts():
page = int(request.args.get('page', 1))
if request.method == 'POST':
if current_user.is_admin:
pass
action = request.form.get("action")
userids = []
if action == "disable":
for key in request.form.keys():
if key.startswith("u") and key[1:].isdigit():
userids.append(int(key[1:]))
uu = 0
for uid in userids:
try:
u = User[uid]
except User.DoesNotExist:
continue
u.is_disabled = not u.is_disabled
u.save()
uu += 1
flash(f"Successfully disabled {uu} users!")
else:
flash("Unknown action")
else:
flash('Operation not permitted!')
return render_paginated_template('manageaccounts.jinja2', 'users', users=users)

14
templates/manageaccounts.jinja2
View file

@ -24,9 +24,12 @@
{% for u in users %}
<li>
<input type="checkbox" name="u{{ u.id }}">
<input type="checkbox" name="u{{ u.id }}" value="1">
{% if u.is_disabled %}<del>{% endif %}
<a href="/@{{ u.username }}">{{ u.username }}</a>
{% if u.is_disabled %}</del>{% endif %}
{% if u == current_user %}<strong>(you)</strong>{% endif %}
{% if u.is_disabled %}<strong>(disabled)</strong>{% endif %}
-
Groups:
<ul class="inline">
@ -44,6 +47,15 @@
<li class="nl-next"><a href="?page={{ page_n + 1 }}">Next page &raquo;</a></li>
{% endif %}
</ul>
<div>
<select name="action">
<option selected value="-">Select an action</option>
<option value="disable">Disable selected accounts</option>
</select>
<input type="submit" value="Submit">
</div>
</form>
{% else %}
<p>Managing accounts can be done by users with Admin permissions only.</p>