add permission for changing own password

8 years ago · f66d7ce29b
parent bc35250f28
commit f66d7ce29b
4 changed files with 25 additions and 3 deletions
--- a/cps/templates/user_edit.html
+++ b/cps/templates/user_edit.html
@ -13,10 +13,12 @@
      <label for="email">Email address</label>
      <input type="email" class="form-control" name="email" id="email" value="{{ content.email if content.email != None }}" required> 
    </div>
+    {% if g.user and g.user.role_passwd() or g.user.role_admin()%}
    <div class="form-group">
      <label for="password">Password</label>
      <input type="password" class="form-control" name="password" id="password" value="">
    </div>
+    {% endif %}
    <div class="form-group">
      <label for="kindle_mail">Kindle E-Mail</label>
      <input type="text" class="form-control" name="kindle_mail" id="kindle_mail" value="{{ content.kindle_mail if content.kindle_mail != None }}">
@ -38,6 +40,10 @@
      <label for="edit_role">Allow Edit</label>
      <input type="checkbox" name="edit_role" id="edit_role" {% if content.role_edit() %}checked{% endif %}>
    </div>
+    <div class="form-group">
+      <label for="passwd_role">Allow Changing Password</label>
+      <input type="checkbox" name="passwd_role" id="passwd_role" {% if content.role_passwd() %}checked{% endif %}>
+    </div>
    {% endif %}
    {% if g.user and g.user.role_admin() and not profile and not new_user %}
    <div class="checkbox">
--- a/cps/templates/user_list.html
+++ b/cps/templates/user_list.html
@ -12,6 +12,7 @@
        <th>Download</th>
        <th>Upload</th>
        <th>Edit</th>
+        <th>Passwd</th>

    </tr>
    {% for user in content %}
@ -24,6 +25,8 @@
        <td>{% if user.role_download() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
        <td>{% if user.role_upload() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
        <td>{% if user.role_edit() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
+        <td>{% if user.role_passwd() %}<span class="glyphicon glyphicon-ok"></span>{% else %}<span class="glyphicon glyphicon-remove"></span>{% endif %}</td>
+
    {% endfor %}
  </table>
    <div class="btn btn-default"><a href="{{url_for('new_user')}}">Add new user</a></div>
--- a/cps/ub.py
+++ b/cps/ub.py
@ -17,6 +17,7 @@ ROLE_ADMIN = 1
 ROLE_DOWNLOAD = 2
 ROLE_UPLOAD = 4 
 ROLE_EDIT = 8
+ROLE_PASSWD = 16
 DEFAULT_PASS = "admin123"

 class User(Base):
@ -54,6 +55,11 @@ class User(Base):
            return True if self.role & ROLE_EDIT == ROLE_EDIT else False
        else:
            return False
+    def role_passwd(self):
+        if self.role is not None:
+            return True if self.role & ROLE_PASSWD == ROLE_PASSWD else False
+        else:
+            return False

    def is_active(self):
        return True
--- a/cps/web.py
+++ b/cps/web.py
@ -649,8 +649,9 @@ def profile():
        downloads.append(db.session.query(db.Books).filter(db.Books.id == book.book_id).first())
    if request.method == "POST":
        to_save = request.form.to_dict()
-        if to_save["password"]:
-            content.password = generate_password_hash(to_save["password"])
+        if current_user.role_passwd() or current_user.role_admin():
+            if to_save["password"]:
+                content.password = generate_password_hash(to_save["password"])
        if to_save["kindle_mail"] and to_save["kindle_mail"] != content.kindle_mail:
            content.kindle_mail = to_save["kindle_mail"]
        if to_save["email"] and to_save["email"] != content.email:
@ -694,6 +695,8 @@ def new_user():
            content.role = content.role + ub.ROLE_UPLOAD
        if "edit_role" in to_save:
            content.role = content.role + ub.ROLE_EDIT
+        if "passwd_role" in to_save:
+            content.role = content.role + ub.ROLE_PASSWD
        try:
            ub.session.add(content)
            ub.session.commit()
@ -764,7 +767,11 @@ def edit_user(user_id):
                content.role = content.role + ub.ROLE_EDIT
            elif not "edit_role" in to_save and content.role_edit():
                content.role = content.role - ub.ROLE_EDIT
-           
+            
+            if "passwd_role" in to_save and not content.role_passwd():
+                content.role = content.role + ub.ROLE_PASSWD
+            elif not "passwd_role" in to_save and content.role_passwd():
+                content.role = content.role - ub.ROLE_PASSWD
           
            if to_save["email"] and to_save["email"] != content.email:
                content.email = to_save["email"]