Základ práce s uživateli

mo/web/org_users.py

-from operator import or_
-from flask import render_template, redirect, url_for, flash, request
+from flask import render_template, g, redirect, url_for, flash, request
 from flask_wtf import FlaskForm
 import werkzeug.exceptions
 import wtforms
+from sqlalchemy import or_
+from sqlalchemy.orm import joinedload
 
 from typing import Optional, List
 
+from wtforms.validators import Email, Required
+
 import mo
 import mo.db as db
 import mo.rights
 import mo.util
+import mo.users
 from mo.web import app
 
 
@@ -38,6 +42,9 @@ class UsersFilterForm(PagerForm):
 @app.route('/org/users/')
 def org_users():
     sess = db.get_session()
+    rr = mo.rights.Rights(g.user)
+    rr.get_generic()
+    can_edit = rr.have_right(mo.rights.Right.edit_users)
 
     q = sess.query(db.User).filter_by(is_admin=False, is_org=False)
     filter = UsersFilterForm(request.args)
@@ -115,7 +122,10 @@ def org_users():
     q = q.limit(filter.limit.data)
     users = q.all()
 
-    return render_template('org_users.html', users=users, count=count, filter=filter, filter_errors=filter_errors)
+    return render_template(
+        'org_users.html', users=users, count=count,
+        filter=filter, filter_errors=filter_errors, can_edit=can_edit
+    )
 
 
 class OrgsFilterForm(PagerForm):
@@ -126,6 +136,9 @@ class OrgsFilterForm(PagerForm):
 @app.route('/org/users/orgs/')
 def org_users_orgs():
     sess = db.get_session()
+    rr = mo.rights.Rights(g.user)
+    rr.get_generic()
+    can_edit = rr.have_right(mo.rights.Right.edit_orgs)
 
     q = sess.query(db.User).filter(or_(db.User.is_admin, db.User.is_org))
     filter = OrgsFilterForm(request.args)
@@ -147,20 +160,137 @@ def org_users_orgs():
     q = q.limit(filter.limit.data)
     users = q.all()
 
-    return render_template('org_users_orgs.html', users=users, count=count, filter=filter, filter_errors=None)
+    return render_template(
+        'org_users_orgs.html', users=users, count=count,
+        filter=filter, filter_errors=None, can_edit=can_edit,
+    )
 
 
 @app.route('/org/user/<int:id>/')
 def org_user(id: int):
-    return render_template('not_implemented.html')
+    sess = db.get_session()
+    user = sess.query(db.User).get(id)
+    if not user:
+        raise werkzeug.exceptions.NotFound()
+
+    rr = mo.rights.Rights(g.user)
+    rr.get_generic()
+    if user.is_admin:
+        can_edit = False
+    elif user.is_org:
+        can_edit = rr.have_right(mo.rights.Right.edit_orgs)
+    else:
+        can_edit = rr.have_right(mo.rights.Right.edit_users)
+
+    participants = sess.query(db.Participant).filter_by(user_id=user.user_id)
+    rounds = sess.query(db.Participation).filter_by(user_id=user.user_id)
+
+    return render_template('org_user.html', user=user, can_edit=can_edit, participants=participants, rounds=rounds)
+
+
+class UserEditForm(FlaskForm):
+    first_name = wtforms.StringField("Jméno", validators=[Required()])
+    last_name = wtforms.StringField("Příjmení", validators=[Required()])
+    note = wtforms.TextAreaField("Poznámka")
+    submit = wtforms.SubmitField("Uložit")
+
 
+class NewUserForm(UserEditForm):
+    email = wtforms.StringField("E-mail", validators=[Required()])
+    submit = wtforms.SubmitField("Vytvořit")
 
-@app.route('/org/user/<int:id>/edit')
+
+@app.route('/org/user/<int:id>/edit', methods=("GET", "POST"))
 def org_user_edit(id: int):
-    return render_template('not_implemented.html')
+    sess = db.get_session()
+    user = mo.users.user_by_uid(id)
+    if not user:
+        raise werkzeug.exceptions.NotFound()
+
+    rr = mo.rights.Rights(g.user)
+    rr.get_generic()
+    if user.is_admin:
+        raise werkzeug.exceptions.Forbidden()
+    elif user.is_org and not rr.have_right(mo.rights.Right.edit_orgs):
+        raise werkzeug.exceptions.Forbidden()
+    elif not rr.have_right(mo.rights.Right.edit_users):
+        raise werkzeug.exceptions.Forbidden()
+
+    form = UserEditForm(obj=user)
+    if form.validate_on_submit():
+        form.populate_obj(user)
+
+        if sess.is_modified(user):
+            changes = db.get_object_changes(user)
+
+            app.logger.info(f"User {id} modified, changes: {changes}")
+            mo.util.log(
+                type=db.LogType.user,
+                what=id,
+                details={'action': 'edit', 'changes': changes},
+            )
+            sess.commit()
+            flash('Změny uživatele uloženy', 'success')
+        else:
+            flash(u'Žádné změny k uložení', 'info')
+
+        return redirect(url_for('org_user', id=id))
 
+    return render_template('org_user_edit.html', user=user, form=form)
 
-@app.route('/org/user/new/', defaults={'type': None})
-@app.route('/org/user/new/<type>/')
+
+@app.route('/org/user/new/', defaults={'type': None}, methods=('GET', 'POST'))
+@app.route('/org/user/new/<type>/', methods=('GET', 'POST'))
 def org_user_new(type: Optional[str]):
-    return render_template('not_implemented.html')
+    sess = db.get_session()
+    rr = mo.rights.Rights(g.user)
+    rr.get_generic()
+
+    if type is not None and type != "org":
+        raise werkzeug.exceptions.BadRequest()
+    if not rr.have_right(mo.rights.Right.edit_users):
+        raise werkzeug.exceptions.Forbidden()
+    if type == 'org' and not rr.have_right(mo.rights.Right.edit_orgs):
+        raise werkzeug.exceptions.Forbidden()
+
+    form = NewUserForm()
+    if form.validate_on_submit():
+        check = True
+
+        if mo.users.user_by_email(form.email.data) is not None:
+            flash('Účet s daným emailem již existuje', 'danger')
+            check = False
+
+        if check:
+            new_user = db.User()
+            form.populate_obj(new_user)
+            new_user.is_org = (type == 'org')
+            sess.add(new_user)
+            sess.flush()
+
+            app.logger.info(f"New user created: {db.row2dict(new_user)}")
+            mo.util.log(
+                type=db.LogType.user,
+                what=new_user.user_id,
+                details={'action': 'new', 'user': db.row2dict(new_user)},
+            )
+
+            sess.commit()
+            flash('Nový uživatel vytvořen', 'success')
+
+            # Send password (re)set link
+            token = mo.users.ask_reset_password(new_user)
+            link = url_for('reset', token=token, _external=True)
+            db.get_session().commit()
+
+            try:
+                mo.util.send_password_reset_email(new_user, link)
+                flash('Email s odkazem pro nastavení hesla odeslán na {}'.format(new_user.email), 'success')
+            except RuntimeError as e:
+                app.logger.error('Login: problém při posílání emailu: {}'.format(e))
+                flash('Problém při odesílání emailu s odkazem pro nastavení hesla', 'danger')
+
+            return redirect(url_for('org_user', id=new_user.user_id))
+
+    return render_template('org_user_new.html', form=form)
+