Admins can delete and edit users

main.py

@@ -280,6 +280,58 @@ def admin_user_add():
     groups = query_db('select * from groups where system=0') 
     return render_template('admin_user_new.html', groups=groups)
 
+@app.route('/admin/users/edit/<iduser>', methods=['GET', 'POST'])
+def admin_user_edit(iduser):
+    if not session.get('user').get('is_admin'):
+        abort(401)
+    user = query_db('select * from users where id = ?', [iduser], one=True)
+    user['groups'] = query_db('select groups.* from groups join user_group on groups.id = user_group.id_group where id_user = ?', [iduser])
+    if user is None:
+        abort(404)
+    if request.method == 'POST':
+        if query_db('select * from users where email=? and id!=?', [request.form['email'], iduser], one=True) is None:
+            if query_db('select * from users where name=? and id!=?', [request.form['name'], iduser], one=True) is None:
+                admin = 0
+                if 'admin' in request.form.keys():
+                    admin = 1
+                g.db.execute('update users set email = ?, name = ?, organization = ?, is_admin = ? where id = ?',
+                        [request.form['email'], request.form['name'], request.form['organization'], admin, iduser])
+                g.db.commit()
+                groups = request.form.getlist('groups')
+                groups.append('1')
+                for group in user['groups']:
+                    if not group['id'] in groups:
+                        g.db.execute('delete from user_group where id_user = ? and id_group = ?', [iduser, group['id']])
+                        g.db.commit()
+                for group in groups:
+                    group = query_db('select id from groups where id = ?', group, one=True)
+                    if group is None:
+                        flash(u'Le groupe portant l\'id %s n\'existe pas.' % group, 'warning')
+                    else:
+                        if not group in user['groups']:
+                            g.db.execute('insert into user_group values (?, ?)', [user['id'], group['id']])
+                            g.db.commit()
+                user = query_db('select * from users where id = ?', [iduser], one=True)
+                user['groups'] = query_db('select groups.* from groups join user_group on groups.id = user_group.id_group where id_user = ?', [iduser])
+                flash(u'Le profil a été mis à jour !', 'success')
+            else:
+                flash(u'Le nom ' + request.form['name'] + u' est déjà pris ! Veuillez en choisir un autre.', 'error')
+        else:
+            flash(u'Il existe déjà un compte pour cette adresse e-mail : ' + request.form['email'], 'error')
+    groups = query_db('select * from groups where system=0') 
+    return render_template('admin_user_edit.html', user=user, groups=groups)
+
+@app.route('/admin/users/delete/<iduser>')
+def admin_user_del(iduser):
+    if not session.get('user').get('is_admin'):
+        abort(401)
+    user = query_db('select * from users where id = ?', [iduser], one=True)
+    if user is None:
+        abort(404)
+    g.db.execute('delete from users where id = ?', [iduser])
+    g.db.commit()
+    return redirect(url_for('admin_users'))
+
 #-------------
 # Roles admin
 

templates/admin_user_edit.html

@@ -0,0 +1,79 @@
+{% extends "layout.html" %}
+{% block body %}
+
+<div class="row">
+  <div class="span6 well">
+    <form class="form-horizontal" action="{{ url_for('admin_user_edit', iduser=user.id) }}" method="post">
+    <fieldset><legend>Mise à jour du profil utilisateur</legend>
+      <div class="control-group">
+        <label class="control-label" for="email">E-mail</label>
+        <div class="controls">
+            <input type="text" name="email" id="email" value="{{ user.email }}"/>
+        </div>
+      </div>
+      <div class="control-group">
+          <label class="control-label" for="name">Nom</label>
+          <div class="controls">
+              <input type="text" name="name" id="name" value="{{ user.name }}" />
+          </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label" for="organization">Association</label>
+        <div class="controls">
+            <input type="text" name="organization" id="organization" value="{{ user.organization }}"/>
+        </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label" for="groups">Groupes</label>
+        <div class="controls">
+          <select name="groups" id="groups" multiple>
+            {% for group in groups %}
+            <option value="{{ group.id }}" {% if group in user.groups %}selected{% endif %}>{{ group.name }}</option>
+            {% endfor %}
+          </select>
+        </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label">Options</label>
+        <div class="controls">
+          <label class="checkbox">
+            <input type="checkbox" name="admin" {% if user.is_admin %}checked{% endif %} />
+            L'utilisateur est-il administrateur ?
+          </label>
+        </div>
+      </div>
+      <div class="form-actions">
+        <input type="submit" class="btn btn-primary" value="Enregistrer" />
+        <input type="reset" class="btn" value="Annuler" />
+      </div>
+    </fieldset>
+    </form>
+  </div>
+
+<!--
+  <div class="span5 well">
+    <form class="form-horizontal" action="{{ url_for('user_password', userid=user.id) }}" method="post">
+    <fieldset><legend>Modification du mot de passe</legend>
+      <div class="control-group">
+        <label class="control-label" for="password">Mot de passe</label>
+        <div class="controls">
+            <input type="password" name="password" id="password" />
+        </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label" for="password2">Confirmation</label>
+        <div class="controls">
+            <input type="password" name="password2" id="password2" />
+        </div>
+      </div>
+      <div class="form-actions">
+        <input type="submit" class="btn btn-primary" value="Enregistrer" />
+        <input type="reset" class="btn" value="Annuler" />
+      </div>
+    </fieldset>
+    </form>
+  </div>
+</div>
+-->
+{% endblock %}
+

templates/admin_users.html

@@ -24,8 +24,8 @@
       <td>{% for group in user.groups %}<span class="label">{{ group }}</span> {% endfor %}</td>
       <td>{% if user.is_admin %}<span class="label label-success">Oui</span>{% else %}<span class="label">Non</span>{% endif %}</td>
       <td>
-        <a href="" class="btn btn-mini">Éditer</a>
-        <a href="" class="btn btn-mini btn-danger">Supprimer</a>
+        <a href="{{ url_for('admin_user_edit', iduser=user.userid) }}" class="btn btn-mini">Éditer</a>
+        <a href="{{ url_for('admin_user_del', iduser=user.userid) }}" class="btn btn-mini btn-danger">Supprimer</a>
       </td>
     </tr>
     {% endfor %}