Merge pull request #1388 from Scifabric/issue-1350-admin-users

Issue 1350 admin users

doc/api.rst

@@ -1277,3 +1277,195 @@ It returns a JSON object with the following information:
     },
   ]
 }
+
+Admin users
+~~~~~~~~~~~
+**Endpoint: /admin/users**
+
+*Allowed methods*: **GET/POST**
+
+**GET**
+
+It returns a JSON object with the following information:
+
+* **form**: A form for searching for users.
+* **found**: A list of found users according to a search.
+* **template**: Jinja2 template.
+* **users**: List of admin users.
+
+**Example output**
+
+.. code-block:: python
+
+    {
+      "form": {
+        "csrf": "token",
+        "errors": {},
+        "user": null
+      },
+      "found": [],
+      "template": "/admin/users.html",
+      "title": "Manage Admin Users",
+      "users": [
+        {
+          "admin": true,
+          "api_key": "key",
+          "category": null,
+          "ckan_api": null,
+          "confirmation_email_sent": false,
+          "created": "date",
+          "email_addr": "email",
+          "facebook_user_id": null,
+          "flags": null,
+          "fullname": "John Doe",
+          "google_user_id": null,
+          "id": 1,
+          "info": {
+            "avatar": "avatar.png",
+            "container": "user_1"
+          },
+          "locale": "en",
+          "name": "johndoe",
+          "newsletter_prompted": false,
+          "passwd_hash": "hash",
+          "privacy_mode": true,
+          "pro": false,
+          "subscribed": true,
+          "twitter_user_id": null,
+          "valid_email": true
+        },
+      ]
+    }
+
+**POST** 
+
+To send a valid POST request you need to pass the *csrf token* in the headers. Use 
+the following header: "X-CSRFToken".
+
+It returns a JSON object with the following information:
+
+* **form**: A form with the submitted search.
+* **found**: A list of found users according to a search.
+* **template**: Jinja2 template.
+* **users**: List of admin users.
+
+**Example output**
+
+.. code-block:: python
+
+    {
+      "form": {
+        "csrf": "token",
+        "errors": {},
+        "user": 'janedoe',
+      },
+      "found": [
+            {
+              "admin": false,
+              "api_key": "key",
+              "category": null,
+              "ckan_api": null,
+              "confirmation_email_sent": false,
+              "created": "date",
+              "email_addr": "email",
+              "facebook_user_id": null,
+              "flags": null,
+              "fullname": "janedoe",
+              "google_user_id": null,
+              "id": 80,
+              "info": {},
+              "locale": "en",
+              "name": "janedoe",
+              "newsletter_prompted": false,
+              "passwd_hash": "hash",
+              "privacy_mode": true,
+              "pro": false,
+              "subscribed": true,
+              "twitter_user_id": null,
+              "valid_email": true
+            },
+      ],
+      "template": "/admin/users.html",
+      "title": "Manage Admin Users",
+      "users": [
+        {
+          "admin": true,
+          "api_key": "key",
+          "category": null,
+          "ckan_api": null,
+          "confirmation_email_sent": false,
+          "created": "date",
+          "email_addr": "email",
+          "facebook_user_id": null,
+          "flags": null,
+          "fullname": "John Doe",
+          "google_user_id": null,
+          "id": 1,
+          "info": {
+            "avatar": "avatar.png",
+            "container": "user_1"
+          },
+          "locale": "en",
+          "name": "johndoe",
+          "newsletter_prompted": false,
+          "passwd_hash": "hash",
+          "privacy_mode": true,
+          "pro": false,
+          "subscribed": true,
+          "twitter_user_id": null,
+          "valid_email": true
+        },
+      ]
+      }
+
+
+Admin users add
+~~~~~~~~~~~~~~~
+**Endpoint: /admin/users/add/<int:user_id>**
+
+*Allowed methods*: **GET**
+
+**GET**
+
+It adds a user to the admin group. It returns a JSON object with the following information:
+
+* **next**: '/admin/users',
+
+**Example output**
+
+.. code-block:: python
+
+    {
+      "next": '/admin/users',
+    }
+
+.. note::
+
+    You will need to use the /admin/users endpoint to get a list of users for adding
+    deleting from the admin group.
+
+Admin users del
+~~~~~~~~~~~~~~~
+**Endpoint: /admin/users/del/<int:user_id>**
+
+*Allowed methods*: **GET**
+
+**GET**
+
+It removes a user from the admin group. It returns a JSON object with the following information:
+
+* **next**: '/admin/users',
+
+**Example output**
+
+.. code-block:: python
+
+    {
+      "next": '/admin/users',
+    }
+
+.. note::
+
+    You will need to use the /admin/users endpoint to get a list of users for adding
+    deleting from the admin group.
+

pybossa/util.py

@@ -47,6 +47,10 @@ def form_to_json(form):
     tmp['csrf'] = generate_csrf()
     return tmp
 
+def user_to_json(user):
+    """Return a user in JSON format."""
+    return user.dictize()
+
 
 def handle_content_type(data):
     """Return HTML or JSON based on request type."""
@@ -67,7 +71,10 @@ def handle_content_type(data):
                         cat = cat.to_public_json()
                     tmp.append(cat)
                 data[item] = tmp
-
+            if (item == 'users'):
+                data[item] = [user_to_json(user) for user in data[item]]
+            if (item == 'found'):
+                data[item] = [user_to_json(user) for user in data[item]]
 
         if 'code' in data.keys():
             return jsonify(data), data['code']

pybossa/view/admin.py

@@ -33,6 +33,7 @@
 
 from pybossa.model.category import Category
 from pybossa.util import admin_required, UnicodeWriter, handle_content_type
+from pybossa.util import redirect_content_type
 from pybossa.cache import projects as cached_projects
 from pybossa.cache import categories as cached_cat
 from pybossa.auth import ensure_authorized_to
@@ -122,7 +123,7 @@ def featured(project_id=None):
 @admin_required
 def users(user_id=None):
     """Manage users of PYBOSSA."""
-    form = SearchForm(request.form)
+    form = SearchForm(request.body)
     users = [user for user in user_repo.filter_by(admin=True)
              if user.id != current_user.id]
 
@@ -134,12 +135,14 @@ def users(user_id=None):
         if not found:
             flash("<strong>Ooops!</strong> We didn't find a user "
                   "matching your query: <strong>%s</strong>" % form.user.data)
-        return render_template('/admin/users.html', found=found, users=users,
-                               title=gettext("Manage Admin Users"),
-                               form=form)
+        response = dict(template='/admin/users.html', found=found, users=users,
+                        title=gettext("Manage Admin Users"),
+                        form=form)
+        return handle_content_type(response)
 
-    return render_template('/admin/users.html', found=[], users=users,
-                           title=gettext("Manage Admin Users"), form=form)
+    response = dict(template='/admin/users.html', found=[], users=users,
+                    title=gettext("Manage Admin Users"), form=form)
+    return handle_content_type(response)
 
 
 @blueprint.route('/users/export')
@@ -212,7 +215,7 @@ def add_admin(user_id=None):
                 ensure_authorized_to('update', user)
                 user.admin = True
                 user_repo.update(user)
-                return redirect(url_for(".users"))
+                return redirect_content_type(url_for(".users"))
             else:
                 msg = "User not found"
                 return format_error(msg, 404)
@@ -233,7 +236,7 @@ def del_admin(user_id=None):
                 ensure_authorized_to('update', user)
                 user.admin = False
                 user_repo.update(user)
-                return redirect(url_for('.users'))
+                return redirect_content_type(url_for('.users'))
             else:
                 msg = "User.id not found"
                 return format_error(msg, 404)