What I wanted is a profile page with all the auth forms: profile, change
password, and create users if the logged-in user is an admin.
For the change-password confirmation I have to use session.flash to get
the success message, but the problem was that it was always empty, even when
the form was successful. I thought this might be because I'm mixing many forms
at once and maybe one of them is doing a second redirect that clears
session.flash. With those small changes to tools.py I'm fixing the
behaviour.
This is the controller:
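def user():
    """Serve the combined account page and the admin user-management actions.

    Anonymous visitors get the stock ``auth()`` form rendered with
    ``default/user.html``. Logged-in users are dispatched on
    ``request.args[0]``; requests that do not end in a redirect render
    ``default/profile.html`` with every local returned by ``locals()``.

    NOTE(review): the message this was pasted into lost all indentation, so
    the nesting below is a reconstruction. In particular, whether the
    profile form is built inside or after the ``_formname`` check, and
    whether each ``redirect`` sits at branch level, must be confirmed
    against the original controller.

    NOTE(review): ``admin`` is not defined in this block; presumably it is
    set in a model file. Confirm it is derived server-side from the
    logged-in user's group membership.

    NOTE(review): impersonate/activate/suspend change state from URL args
    alone; no POST check or form key is visible here, so these actions have
    no visible CSRF protection. Consider requiring POST with a form token.

    URL list retained from the original paste (stock scaffold text):

    exposes:
    http://..../[app]/default/user/login
    http://..../[app]/default/user/logout
    http://..../[app]/default/user/register
    http://..../[app]/default/user/profile
    http://..../[app]/default/user/retrieve_password
    http://..../[app]/default/user/change_password
    http://..../[app]/default/user/manage_users (requires membership in
    http://..../[app]/default/user/bulk_register
    use @auth.requires_login()
        @auth.requires_membership('group name')
        @auth.requires_permission('read','table name',record_id)
    to decorate functions that need access control
    """
    form = None
    errors = ""
    create_form = ""
    if auth.user:
        userid = auth.user.id
        if request.args[0] == "profile":
            if request.vars['_formname'] == "profile":
                # Drop any submitted email only when the profile form is the
                # one being posted; users must not change their email here.
                request.vars.pop("email", None)
                request.post_vars.pop("email", None)
            form = SQLFORM.factory(
                db.auth_user.first_name,
                db.auth_user.last_name).process(formname="profile")
            if form.accepted:
                # NOTE(review): only the in-memory auth.user object is
                # visibly updated here; confirm the record is persisted
                # elsewhere (e.g. by the tools.py change mentioned above).
                auth.user.update(**form.vars)
            form_pass = auth.change_password(next="")
            if admin:
                create_form = auth.register(next="")
        elif request.args[0] == "logout":
            form = auth()
        elif request.args[0] == "impersonate":
            if admin and len(request.args) > 1:
                try:
                    auth.impersonate(int(request.args[1]))
                except Exception:
                    # Best-effort, as in the original: a bad id or a refused
                    # impersonation falls through to the redirect.
                    # NOTE(review): consider logging the failure for audit.
                    pass
            redirect("/")
        elif admin and request.args[0] == "activate":
            # Activate a user by adding them to the "users" group.
            if len(request.args) > 1:
                # The original passed the raw URL segment straight to
                # add_membership; accept only an integer id that matches an
                # existing auth_user record.
                try:
                    target_id = int(request.args[1])
                except ValueError:
                    target_id = None
                if target_id is not None and db.auth_user(target_id):
                    auth.add_membership("users", target_id)
            redirect("/user")
        elif admin and request.args[0] == "suspend":
            # Deactivate a user by removing them from the "users" group.
            if len(request.args) > 1:
                try:
                    # int() instead of long(): long is undefined on
                    # Python 3, and the NameError would be swallowed below,
                    # silently leaving the user active.
                    auth.del_membership("users", int(request.args[1]))
                except Exception:
                    # Best-effort, as in the original.
                    # NOTE(review): a failed suspension is invisible to the
                    # admin; consider surfacing or logging it.
                    pass
            redirect("/user")
        elif admin and request.args[0] == "create":
            create_form = SQLFORM(db.auth_user).process(formname="create")
            if create_form.accepted:
                auth.add_membership("users", create_form.vars.id)
            # The redirect runs whether or not the form validated, so
            # validation errors are not shown to the admin.
            redirect("/user")
        # profile view
        response.view = "default/profile.html"
    else:
        # login view
        response.view = "default/user.html"
    if not form:
        form = auth()
    return locals()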