#!/usr/bin/python3
"""
User Settings
"""
import os
from flask import Blueprint, render_template, session, current_app, send_file, request, flash, redirect
from werkzeug.security import check_password_hash
from flask_babel import _
from .db import get_db
from .auth import login_required
from .utils import User
# Blueprint collecting the per-user settings views; every route registered
# on it is served under the /settings prefix.
bp = Blueprint(
    "settings",
    __name__,
    url_prefix="/settings",
)
@bp.route("/")
@login_required
def index():
    """
    Render the settings page for the account held in the session.

    The same User object is passed to the template twice, once as ``user``
    and once as ``inspected_user``.
    """
    current = User(user_id=session.get("user_id"))
    context = {"inspected_user": current, "user": current}
    return render_template("settings/index.html", **context)
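@bp.route("/delete-account", methods=["POST"])
@login_required
def delete_account():
    """
    Delete the account named by the ``user_id`` form field.

    A caller whose ``access_level`` is 1 may delete any account; every other
    caller may only delete the account their own session belongs to. On a
    refused or malformed request the browser is sent back to the page it came
    from, or to the settings page when no Referer header was sent.

    NOTE(review): no CSRF token check is visible in this handler; confirm it
    is enforced application-wide, since this is a destructive POST.
    """
    # The Referer header is optional and supplied by the client, so it can be
    # absent; without a fallback redirect() gets None and has no usable target.
    # NOTE(review): the value is not checked to be same-origin — confirm.
    back = request.referrer or "/settings/"

    if "user_id" not in request.form:
        flash(_("Missing user id."))
        return redirect(back)

    cur_user = User(user_id=session.get("user_id"))
    # NOTE(review): the form value arrives as a string; the id comparisons
    # below assume User normalises it to the same type as the session id.
    user_id = request.form["user_id"]
    mod_user = User(user_id=user_id)

    # Authorization: only access_level 1 may act on somebody else's account.
    if cur_user.access_level != 1 and cur_user.id != mod_user.id:
        flash(_("Missing rights."))
        return redirect(back)

    mod_user.delete()
    flash(_("User successfully deleted."))

    if cur_user.id == mod_user.id:
        # The session would otherwise keep naming the account that was just
        # removed; drop the identity so the cookie no longer refers to it.
        session.pop("user_id", None)
        return redirect("/")
    return redirect("/admin")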
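@bp.route("/change-password", methods=["POST"])
@login_required
def change_password():
    """
    Change the password of the account named by the ``user_id`` form field.

    A caller whose ``access_level`` is 1 may target any account; every other
    caller may only target their own. In both cases ``old_password`` is
    verified against the target account's stored hash before the new password
    is accepted, and ``new_password`` must be non-empty and equal to
    ``confirm_new_password``. Every outcome redirects back to the page the
    request came from, or to the settings page when no Referer was sent.

    NOTE(review): no CSRF token check is visible in this handler; confirm it
    is enforced application-wide.
    """
    # The Referer header is optional and supplied by the client, so it can be
    # absent; without a fallback redirect() gets None and has no usable target.
    # NOTE(review): the value is not checked to be same-origin — confirm.
    back = request.referrer or "/settings/"
    form = request.form

    if "user_id" not in form:
        flash(_("Missing user id."))
        return redirect(back)

    cur_user = User(user_id=session.get("user_id"))
    # NOTE(review): the form value arrives as a string; the id comparison
    # below assumes User normalises it to the same type as the session id.
    user_id = form["user_id"]
    mod_user = User(user_id=user_id)

    # Authorization: only access_level 1 may act on somebody else's account.
    if cur_user.access_level != 1 and cur_user.id != mod_user.id:
        flash(_("Missing rights."))
        return redirect(back)

    if "old_password" not in form:
        flash(_("Missing old password."))
        return redirect(back)

    # Re-authenticate against the target account's hash before changing it.
    if not check_password_hash(mod_user.password, form["old_password"]):
        flash(_("Incorrect password."))
        return redirect(back)

    # An empty new password is treated like a missing one, so a blank form
    # cannot set an empty credential (two empty fields would compare equal).
    if not form.get("new_password") or "confirm_new_password" not in form:
        flash(_("Missing password."))
        return redirect(back)

    if form["new_password"] != form["confirm_new_password"]:
        flash(_("Password and its confirmation differ."))
        return redirect(back)

    mod_user.update_password(form["new_password"])
    flash(_("Successfully updated password."))
    return redirect(back)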