added user editing.

pflarr · Aug 7, 2011 · d9e8b30 · d9e8b30
1 parent 07a5dda
commit d9e8b30
Show file tree

Hide file tree

Showing 4 changed files with 238 additions and 86 deletions.
diff --git a/basic_site/models.py b/basic_site/models.py
@@ -33,24 +33,25 @@ class User(Base):
     pw_hash = Column(String(), nullable=False)
     admin = Column(Boolean(), nullable=False)
     fullname = Column(String(), nullable=False)
+
+    UID_CHARS = 'abcdefghijklmnopqrstuvwxyz1234567890_-'
 
-    def __init__(self, name, pw, admin, fullname):
-        self.uid = name[:10]
+    def __init__(self, uid, pw, admin, fullname):
+        if len(uid) > 10 or \
+           all(c.lower() not in self.UID_CHARS for c in uid):
+            raise ValueError("Invalid User name: %s")
+        self.uid = uid
         self.pw_hash = manager.encodePassword(pw)
         self.admin = admin 
         self.fullname = fullname
 
     def check_pw(self, passwd):
         return manager.checkPassword(self.pw_hash, passwd)
 
-    def change_pw(self, old, new):
+    def change_pw(self, new):
         """Verifies the old pw before changing it to new. Returns True if
     successful."""
-        if manager.checkPassword(self.pw_hash, old):
-            self.pw_hash = manager.encodePassword(pw)
-            return True
-        else:
-            return False
+        self.pw_hash = manager.encodePassword(pw)
 
 class Post(Base):
     __tablename__ = 'Post'
@@ -118,22 +119,25 @@ class Page(Base):
     created = Column(DateTime(), nullable=False)
     creator = Column(String(10), nullable=False)
     contents = Column(String(), nullable=False)
-
+
+    allowed_chars = ['abcdefghijklmnopqrstuvwxyz0123456789 _-'] 
     def __init__(self, creator, name, contents, created=None):
         if created:
             self.created = created
         else:
             self.created = datetime.datetime.utcnow()
-        self.name = name[:15]
+
+        self.name = ''.join([c if c.lower() in self.allowed_chars else '_'
+                               for c in name[:15]])
         self.creator = creator
         self.contents = contents
 
-    def edit(self, new_name, new_content, user):
+    def edit(self, name, content, user):
         """Edit this post, and record the change in the history."""
         session = DBSession()
         hist = Page_History(user, self) 
-        self.name = new_name
-        self.content = new_content
+        self.name = name
+        self.content = content
         session.add(hist)
 
 class Page_History(Base):

diff --git a/basic_site/templates/head.mako b/basic_site/templates/head.mako
@@ -37,3 +37,9 @@
     <LI><A href="page.cgi?page=${page.name|u}" ${cur_class(page.name)}>${page.name}</A>
   % endfor
 </DIV>
+
+% if 'message' in request.params:
+  <DIV class="message">${request.params['message']|h}</DIV>
+% elif message:
+  <DIV class="message">${message|h}</DIV>
+% endif
diff --git a/basic_site/templates/users.mako b/basic_site/templates/users.mako
@@ -0,0 +1,64 @@
+<%include file="head.mako" />
+
+<DIV id="main">
+
+% if current_user.admin:
+  <DIV id="add_user">
+    <H3>Add User:</H3>
+    <FORM method="POST" 
+          action="${request.route_url('mod_users', action='add')}">
+      <LABEL for="uid">User Name:</LABEL>
+      <INPUT type="text" maxlength="10" size="10" name="uid">
+      <LABEL for="fullname">Full Name:</LABEL>
+      <INPUT type="text" size="30" name="fullname">
+      <LABEL for="passwd">Password:</LABEL>
+      <INPUT type="password" size="20" name="passwd">
+      <LABEL for="repeat">Password (again):</LABEL>
+      <INPUT type="password" size="20" name="repeat">
+      <LABEL for="admin">Admin:</LABEL>
+      <INPUT type="checkbox" name="admin"> 
+      <BUTTON type="submit">Add User</BUTTON>
+    </FORM>
+  </DIV>
+%endif
+
+<DIV id="change_pw">
+  <H3>Change your password:</H3>
+  <FORM method="POST" 
+        action="${request.route_url('change_pw', c_uid=uid)}">
+    <LABEL for="old">Current Password:</LABEL>
+    <INPUT type="password" size="20" name="old">
+    <LABEL for="passwd">New Password:</LABEL>
+    <INPUT type="password" size="20" name="new">
+    <LABEL for="repeat">New Password (again):</LABEL>
+    <INPUT type="password" size="20" name="repeat">
+    <BUTTON type="submit">Change Password</BUTTON>
+  </FORM>
+</DIV>
+
+<DIV id="users">
+  <TABLE>
+    <TR><TH>User<TH>Full Name<TH>Admin
+  % for user in users:
+    <TR><TD>${user.uid}<TD>${user.fullname}
+    % if current_user.admin:
+      <%
+        toggle_href = request.route_url('mod_user', action='toggle_admin',
+                                                    uid=user.uid)
+        delete_href = request.route_url('mod_user', action='delete',
+                                                    uid=user.uid)
+        is_admin = 'Yes' if user.admin else 'No'
+      %>
+        <TD><A href="${toggle_href}" 
+               title="Toggle admin rights for this user.">${is_admin}</A>
+        <TD><A href="${delete_href}" title="Delete this user">delete</A>
+    % else:
+        <TD>${'Yes' if user.admin else 'No'}
+    % endif
+  % endfor
+  </TABLE>
+</DIV>
+
+</DIV>
+
+<%include file="foot.mako" />