from flask import Blueprint, render_template, redirect, url_for, request, flash, abort, send_file, Response
from flask.ext.login import login_required
from passlib.hash import pbkdf2_sha256
from models.database import User
from models.forms import AdminUserForm, NewUserForm
from shared import db, admin_permission
admin = Blueprint("admin", __name__)
@admin.route("/")
@login_required
@admin_permission.require()
def index():
users = User.query.limit(10).all()
return render_template("admin_index.html", users=users)
@admin.route("/user/")
@login_required
@admin_permission.require()
def user():
users = User.query.all()
return render_template("admin_user_index.html", users=users)
@admin.route("/user/edit", methods=["GET", "POST"])
@login_required
@admin_permission.require()
def user_edit():
user_id = request.args.get("id", None)
if user_id is not None:
user = db.session.query(User).filter_by(id=user_id).first()
form = AdminUserForm(obj=user)
if form.validate_on_submit():
form.populate_obj(user)
db.session.commit()
return redirect(url_for(".index"))
else:
return render_template("admin_user_edit.html", form=form, id=user_id)
else:
return redirect(url_for(".index"))
@admin.route("/user/delete")
@login_required
@admin_permission.require()
def user_delete():
user_id = request.args.get("id", None)
if user_id is not None:
user = User.query.filter_by(id=user_id).first()
db.session.delete(user)
db.session.commit()
flash("User deleted.", "alert-success")
return redirect(url_for(".user"))
@admin.route("/user/new", methods=["GET", "POST"])
@login_required
@admin_permission.require()
def user_new():
form = NewUserForm()
if form.validate_on_submit():
password_hash = pbkdf2_sha256.encrypt(form.password.data, rounds=200000, salt_size=16)
user = User(form.fullname.data, form.username.data, password_hash)
db.session.add(user)
db.session.commit()
return redirect(url_for(".user"))
return render_template("admin_user_new.html", form=form)