diff --git a/cps/admin.py b/cps/admin.py
index 695a967b..f1320d8a 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -303,6 +303,7 @@ def list_users():
 @admin_required
 def delete_user():
 user_ids = request.form.to_dict(flat=False)
+ users = None
 if "userid[]" in user_ids:
 users = ub.session.query(ub.User).filter(ub.User.id.in_(user_ids['userid[]'])).all()
 elif "userid" in user_ids:
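Review bot: With `users = None` as the initializer, a POST that carries neither `userid[]` nor `userid` leaves `users` as None, and whatever delete_user does with it below the hunk (the body continues outside it) will presumably fail on None rather than on an undefined name, which is only a marginally better failure. An explicit rejection would be clearer and keeps the error path consistent with the JSON responses used elsewhere in this file, e.g. `else:` / `return Response(json.dumps([{'type': "danger", 'message': _("No user selected")}]), mimetype='application/json')` (message text is a constructed placeholder). If the remainder already handles None, a one-line comment on the new line saying so, `# None => no user id posted; rejected below`, would stop the next reader from asking the same question.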
@@ -394,27 +395,42 @@ def edit_list_user(param):
 elif param == 'kindle_mail':
 user.kindle_mail = valid_email(vals['value']) if vals['value'] else ""
 elif param.endswith('role'):
- if user.name == "Guest" and int(vals['field_index']) in \
+ value = int(vals['field_index'])
+ if user.name == "Guest" and value in \
 [constants.ROLE_ADMIN, constants.ROLE_PASSWD, constants.ROLE_EDIT_SHELFS]:
 raise Exception(_("Guest can't have this role"))
- if vals['value'] == 'true':
- user.role |= int(vals['field_index'])
+ # check for valid value, last on checks for power of 2 value
+ if value > 0 and value <= constants.ROLE_VIEWER and (value & value-1 == 0 or value == 1):
+ if vals['value'] == 'true':
+ user.role |= value
+ elif vals['value'] == 'false':
+ if value == constants.ROLE_ADMIN:
+ if not ub.session.query(ub.User).\
+ filter(ub.User.role.op('&')(constants.ROLE_ADMIN) == constants.ROLE_ADMIN,
+ ub.User.id != user.id).count():
+ return Response(
+ json.dumps([{'type': "danger",
+ 'message':_(u"No admin user remaining, can't remove admin role",
+ nick=user.name)}]), mimetype='application/json')
+ user.role &= ~value
+ else:
+ raise Exception(_("Value has to be true or false"))
 else:
- if int(vals['field_index']) == constants.ROLE_ADMIN:
- if not ub.session.query(ub.User).\
- filter(ub.User.role.op('&')(constants.ROLE_ADMIN) == constants.ROLE_ADMIN,
- ub.User.id != user.id).count():
- return Response(json.dumps([{'type': "danger",
- 'message':_(u"No admin user remaining, can't remove admin role",
- nick=user.name)}]), mimetype='application/json')
- user.role &= ~int(vals['field_index'])
+ raise Exception(_("Invalid role"))
 elif param.startswith('sidebar'):
- if user.name == "Guest" and int(vals['field_index']) == constants.SIDEBAR_READ_AND_UNREAD:
+ value = int(vals['field_index'])
+ if user.name == "Guest" and value == constants.SIDEBAR_READ_AND_UNREAD:
 raise Exception(_("Guest can't have this view"))
- if vals['value'] == 'true':
- user.sidebar_view |= 
int(vals['field_index'])
+ # check for valid value, last on checks for power of 2 value
+ if value > 0 and value <= constants.SIDEBAR_LIST and (value & value-1 == 0 or value == 1):
+ if vals['value'] == 'true':
+ user.sidebar_view |= value
+ elif vals['value'] == 'false':
+ user.sidebar_view &= ~value
+ else:
+ raise Exception(_("Value has to be true or false"))
 else:
- user.sidebar_view &= ~int(vals['field_index'])
+ raise Exception(_("Invalid view"))
 elif param == 'locale':
 if user.name == "Guest":
 raise Exception(_("Guest's Locale is determined automatically and can't be set"))
@@ -664,6 +680,8 @@ def restriction_deletion(element, list_func):
 def prepare_tags(user, action, tags_name, id_list):
 if "tags" in tags_name:
 tags = calibre_db.session.query(db.Tags).filter(db.Tags.id.in_(id_list)).all()
+ if not tags:
+ raise Exception(_("Tag not found"))
 new_tags_list = [x.name for x in tags]
 else:
 tags = calibre_db.session.query(db.cc_classes[config.config_restricted_column])\
@@ -672,8 +690,10 @@ def prepare_tags(user, action, tags_name, id_list):
 saved_tags_list = user.__dict__[tags_name].split(",") if len(user.__dict__[tags_name]) else []
 if action == "remove":
 saved_tags_list = [x for x in saved_tags_list if x not in new_tags_list]
- else:
+ elif action == "add":
 saved_tags_list.extend(x for x in new_tags_list if x not in saved_tags_list)
+ else:
+ raise Exception(_("Invalid Action"))
 return ",".join(saved_tags_list)
diff --git a/cps/static/js/table.js b/cps/static/js/table.js
index 9a7d418e..10f82d17 100644
--- a/cps/static/js/table.js
+++ b/cps/static/js/table.js
@@ -318,7 +318,6 @@ $(function() {
 },
 url: getPath() + "/ajax/listrestriction/" + type + "/" + userId,
 rowStyle: function(row) {
- // console.log('Reihe :' + row + " Index :" + index);
 if (row.id.charAt(0) === "a") {
 return {classes: "bg-primary"};
 } else {
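Review bot: The single-flag test `(value & value-1 == 0 or value == 1)` on the new role and sidebar branches carries a redundant clause — `1 & 0 == 0` already holds, so `or value == 1` adds nothing — and the whole predicate is duplicated with only the upper bound differing, so a reader has to re-derive it twice. Fold it into one line per branch, `if 0 < value <= constants.ROLE_VIEWER and value & (value - 1) == 0:` (and `constants.SIDEBAR_LIST` for the sidebar branch), or into a small helper such as `_is_single_flag(value, highest)`; the comment above it also reads "last on" where "last one" is meant. The upper bounds presume `ROLE_VIEWER` and `SIDEBAR_LIST` are the highest-valued bits of their respective masks, which is not visible here and is worth a comment where those constants are defined. `int(vals['field_index'])` raises ValueError on a non-numeric field index; whether edit_list_user's surrounding try/except (outside the hunk) turns that into a JSON error rather than a 500 should be confirmed.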
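Review bot: The new empty-result guard covers only the `"tags"` branch of prepare_tags; the `else` branch queries the restricted custom column and, as far as this hunk shows (it continues past the hunk), gets no equivalent check, so an unknown id there still silently yields an empty `new_tags_list` and the call appears to succeed. Since both branches assign `tags`, placing the guard once after the if/else, `if not tags:` / `raise Exception(_("Tag not found"))`, covers both with the same two lines; if the message should differ for the column case, a second guard inside the else branch does the job instead.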
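Review bot: The `action` check added in the second prepare_tags hunk runs after the database query and the list-building from the earlier hunk, so an invalid action still costs a query and the "Tag not found" error can fire before "Invalid Action" does. Validating at function entry is cheaper and gives the caller the right error first: `if action not in ("add", "remove"):` / `raise Exception(_("Invalid Action"))` as the first statement of prepare_tags, after which the trailing `else` branch here becomes unreachable and can be dropped.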
@@ -613,30 +612,31 @@ function loadSuccess() {
 }
 function move_header_elements() {
- $(".header_select").each(function () {
- var item = $(this).parent();
- var parent = item.parent().parent();
- if (parent.prop('nodeName') === "TH") {
- item.prependTo(parent);
- }
- });
- $(".form-check").each(function () {
- var item = $(this).parent();
- var parent = item.parent().parent();
- if (parent.prop('nodeName') === "TH") {
- item.prependTo(parent);
- }
- });
- $(".multi_select").each(function () {
- var item = $(this);
- var parent = item.parent().parent();
- if (parent.prop('nodeName') === "TH") {
- item.prependTo(parent);
- item.addClass("myselect");
- }
- });
- $(".multi_selector").selectpicker();
+ $(".header_select").each(function () {
+ var item = $(this).parent();
+ var parent = item.parent().parent();
+ if (parent.prop('nodeName') === "TH") {
+ item.prependTo(parent);
+ }
+ });
+ $(".form-check").each(function () {
+ var item = $(this).parent();
+ var parent = item.parent().parent();
+ if (parent.prop('nodeName') === "TH") {
+ item.prependTo(parent);
+ }
+ });
+ $(".multi_select").each(function () {
+ var item = $(this);
+ var parent = item.parent().parent();
+ if (parent.prop('nodeName') === "TH") {
+ item.prependTo(parent);
+ item.addClass("myselect");
+ }
+ });
+ $(".multi_selector").selectpicker();
+ if (! $._data($(".multi_head").get(0), "events") ) {
 // Functions have to be here, otherwise the callbacks are not fired if visible columns are changed
 $(".multi_head").on("click", function () {
 var val = $(this).data("set");
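Review bot: The guard `if (! $._data($(".multi_head").get(0), "events") )` relies on an internal, undocumented jQuery API and on `.get(0)`, which returns undefined when no `.multi_head` element exists; `$._data(undefined, "events")` is likely to throw rather than return a falsy value, so a page without that header would break here. It also only checks whether any handler at all is bound on the element, so a click handler attached elsewhere would silently suppress this one. The idempotence the guard is after is the documented namespaced-event pattern, `$(".multi_head").off("click.header").on("click.header", function () {`, which needs no guard and tolerates an empty selection; the same applies to the `.check_head` and `.button_head` guards in the next hunk. move_header_elements continues beyond this hunk.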
@@ -662,23 +662,27 @@ function move_header_elements() {
 }
 );
 });
+ }
- $("#user_delete_selection").click(function () {
- $("#user-table").bootstrapTable("uncheckAll");
- });
- $("#select_locale").on("change", function () {
- selectHeader(this, "locale");
- });
- $("#select_default_language").on("change", function () {
- selectHeader(this, "default_language");
- });
+ $("#user_delete_selection").click(function () {
+ $("#user-table").bootstrapTable("uncheckAll");
+ });
+ $("#select_locale").on("change", function () {
+ selectHeader(this, "locale");
+ });
+ $("#select_default_language").on("change", function () {
+ selectHeader(this, "default_language");
+ });
+
+ if (! $._data($(".check_head").get(0), "events") ) {
 $(".check_head").on("change", function () {
 var val = $(this).data("set");
 var name = $(this).data("name");
 var data = $(this).data("val");
 checkboxHeader(val, name, data);
 });
-
+ }
+ if (! $._data($(".button_head").get(0), "events") ) {
 $(".button_head").on("click", function () {
 var result = $('#user-table').bootstrapTable('getSelections').map(a => a.id);
 confirmDialog(
@@ -701,6 +705,7 @@ function move_header_elements() {
 }
 );
 });
+ }
 }
 function handleListServerResponse (data) {
@@ -716,7 +721,6 @@ function handleListServerResponse (data) {
 $("#user-table").bootstrapTable("refresh");
 }
-
 function checkboxChange(checkbox, userId, field, field_index) {
 $.ajax({
 method: "post",
diff --git a/cps/templates/user_table.html b/cps/templates/user_table.html
index b174e481..93c1e5ce 100644
--- a/cps/templates/user_table.html
+++ b/cps/templates/user_table.html
@@ -40,7 +40,7 @@
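Review bot: The three handlers between the two new guards — `#user_delete_selection`, `#select_locale` and `#select_default_language` — are left outside any guard, so on each call of move_header_elements (the guards imply it is called more than once; the function starts and ends outside this hunk) they are bound again and `selectHeader` fires once per accumulated binding. Either bring them under the same idempotence mechanism or unbind first, e.g. `$("#select_locale").off("change").on("change", function () {`, and likewise for the other two. The new closing-brace placement also leaves the guarded `.on(...)` bodies at the same indent as the `if` that wraps them, which hides the nesting; re-indenting the guarded blocks one level would make the scope visible.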
- {{_('Deny')}} + {{_('Deny')}}