add permission for changing own password

Cervinko Cera 2016-04-27 16:00:58 +02:00
parent bc35250f28
commit f66d7ce29b
4 changed files with 25 additions and 3 deletions


@ -13,10 +13,12 @@
<label for="email">Email address</label>
<input type="email" class="form-control" name="email" id="email" value="{{ content.email if content.email != None }}" required>
</div>
{% if g.user and g.user.role_passwd() or g.user.role_admin()%}
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" name="password" id="password" value="">
</div>
{% endif %}
<div class="form-group">
<label for="kindle_mail">Kindle E-Mail</label>
<input type="text" class="form-control" name="kindle_mail" id="kindle_mail" value="{{ content.kindle_mail if content.kindle_mail != None }}">
@ -38,6 +40,10 @@
<label for="edit_role">Allow Edit</label>
<input type="checkbox" name="edit_role" id="edit_role" {% if content.role_edit() %}checked{% endif %}>
</div>
<div class="form-group">
<label for="passwd_role">Allow Changing Password</label>
<input type="checkbox" name="passwd_role" id="passwd_role" {% if content.role_passwd() %}checked{% endif %}>
</div>
{% endif %}
{% if g.user and g.user.role_admin() and not profile and not new_user %}
<div class="checkbox">
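Review bot: The new guard `{% if g.user and g.user.role_passwd() or g.user.role_admin()%}` groups as `(g.user and g.user.role_passwd()) or g.user.role_admin()` because `and` binds tighter than `or`, so when `g.user` is unset the template still goes on to call `g.user.role_admin()`. Parenthesising states the intended check: `{% if g.user and (g.user.role_passwd() or g.user.role_admin()) %}`. Hiding the input only affects what is rendered; the permission still has to be checked where the form is processed, which this commit does in profile().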


@ -12,6 +12,7 @@
<th>Download</th>
<th>Upload</th>
<th>Edit</th>
<th>Passwd</th>
</tr>
{% for user in content %}
@ -24,6 +25,8 @@
<td>{% if user.role_download() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
<td>{% if user.role_upload() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
<td>{% if user.role_edit() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
<td>{% if user.role_passwd() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
{% endfor %}
</table>
<div class="btn btn-default"><a href="{{url_for('new_user')}}">Add new user</a></div>


@ -17,6 +17,7 @@ ROLE_ADMIN = 1
ROLE_DOWNLOAD = 2
ROLE_UPLOAD = 4
ROLE_EDIT = 8
ROLE_PASSWD = 16
DEFAULT_PASS = "admin123"
class User(Base):
@ -54,6 +55,11 @@ class User(Base):
return True if self.role & ROLE_EDIT == ROLE_EDIT else False
else:
return False
def role_passwd(self):
if self.role is not None:
return True if self.role & ROLE_PASSWD == ROLE_PASSWD else False
else:
return False
def is_active(self):
return True
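Review bot: Accounts created before this change carry no ROLE_PASSWD bit, so `role_passwd()` returns False for them and, with the new check in profile(), non-admin users who could previously change their own password presumably no longer can, unless a migration outside this diff sets the bit. That includes accounts whose initial password was chosen by an administrator, which then cannot be rotated by their owner. Consider granting ROLE_PASSWD by default to existing and newly created users, or document the behaviour change. The method itself could be reduced to `return self.role is not None and self.role & ROLE_PASSWD == ROLE_PASSWD` and given a one-line docstring such as `"""Return True if the user may change their own password."""`. The User class continues outside this hunk.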


@ -649,8 +649,9 @@ def profile():
downloads.append(db.session.query(db.Books).filter(db.Books.id == book.book_id).first())
if request.method == "POST":
to_save = request.form.to_dict()
if to_save["password"]:
content.password = generate_password_hash(to_save["password"])
if current_user.role_passwd() or current_user.role_admin():
if to_save["password"]:
content.password = generate_password_hash(to_save["password"])
if to_save["kindle_mail"] and to_save["kindle_mail"] != content.kindle_mail:
content.kindle_mail = to_save["kindle_mail"]
if to_save["email"] and to_save["email"] != content.email:
@ -694,6 +695,8 @@ def new_user():
content.role = content.role + ub.ROLE_UPLOAD
if "edit_role" in to_save:
content.role = content.role + ub.ROLE_EDIT
if "passwd_role" in to_save:
content.role = content.role + ub.ROLE_PASSWD
try:
ub.session.add(content)
ub.session.commit()
@ -764,7 +767,11 @@ def edit_user(user_id):
content.role = content.role + ub.ROLE_EDIT
elif not "edit_role" in to_save and content.role_edit():
content.role = content.role - ub.ROLE_EDIT
if "passwd_role" in to_save and not content.role_passwd():
content.role = content.role + ub.ROLE_PASSWD
elif not "passwd_role" in to_save and content.role_passwd():
content.role = content.role - ub.ROLE_PASSWD
if to_save["email"] and to_save["email"] != content.email:
content.email = to_save["email"]
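Review bot: The role flags are changed with `+` and `-` in the new_user() and edit_user() hunks, which is only correct while each bit is known to be clear or set beforehand; an accidental double add of ROLE_EDIT (8) would yield 16, which is ROLE_PASSWD. Bitwise updates are idempotent and rule that out: `content.role |= ub.ROLE_PASSWD` to grant and `content.role &= ~ub.ROLE_PASSWD` to revoke. In profile(), `to_save["password"]` is indexed directly, so a POST from a permitted user that omits the field raises KeyError; `to_save.get("password")` avoids that. All three functions continue outside their hunks, so checks made elsewhere in them are not visible here.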