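def edit_user(user_id):
    """Create a new user (``user_id`` is None) or edit an existing one.

    Authorization enforced in this view:
      * Editing an existing account requires being that account or having
        ``can_manage``.
      * Creating an account requires ``can_manage``.
      * The three privilege flags are only written when the requesting
        user has ``can_manage``; a non-manager editing their own account
        can only change the password.

    Responses: 404 when ``user_id`` does not resolve to a user, 403 when the
    requester is not permitted, a redirect to ``cuser.url()`` after a
    successful POST, otherwise the rendered ``edit_user.html`` form
    (including any validation errors).
    """
    session = request.db_session
    cuser = None
    if user_id is not None:
        cuser = session.query(User).get(user_id)
        if not cuser:
            return abort(404)
        # Only the account owner or a manager may open the edit form.
        if cuser.id != request.user.id and not request.user.can_manage:
            return abort(403)
    elif not request.user.can_manage:
        # No user_id means "create user", which is manager-only.
        return abort(403)

    errors = []
    # NOTE(review): no CSRF token check is visible in this view; confirm
    # that it is enforced elsewhere before this state-changing POST runs.
    if request.method == 'POST':
        if not cuser and not request.user.can_manage:
            return abort(403)

        user_name = request.form.get('user_name')
        password = request.form.get('user_password')
        # HTML checkboxes submit 'on' when ticked and are absent otherwise.
        can_manage = request.form.get('user_can_manage') == 'on'
        can_view_buildlogs = request.form.get('user_can_view_buildlogs') == 'on'
        can_download_artifacts = request.form.get('user_can_download_artifacts') == 'on'

        if not cuser:  # Create a new user
            # Explicit check instead of ``assert``: assertions are stripped
            # under ``python -O`` and must not carry an authorization
            # decision.
            if not request.user.can_manage:
                return abort(403)
            # Reject missing credentials before hashing. Otherwise a missing
            # or empty form field would reach utils.hash_pw() and could
            # produce an account with an empty password (how hash_pw treats
            # None/'' is not visible from here).
            if not user_name:
                errors.append('User name is required')
            if not password:
                errors.append('Password is required')
            if not errors:
                other = session.query(User).filter_by(name=user_name).one_or_none()
                if other:
                    errors.append('User {!r} already exists'.format(user_name))
                else:
                    cuser = User(
                        name=user_name,
                        passhash=utils.hash_pw(password),
                        can_manage=can_manage,
                        can_view_buildlogs=can_view_buildlogs,
                        can_download_artifacts=can_download_artifacts,
                    )
        else:  # Update user settings
            # An empty password field means "leave the password unchanged".
            # NOTE(review): the current password is not re-checked before a
            # change; consider requiring it for self-service updates.
            if password:
                cuser.passhash = utils.hash_pw(password)
            # Privilege flags are only writable by managers, so a regular
            # user cannot escalate their own account through this form.
            if request.user.can_manage:
                cuser.can_manage = can_manage
                cuser.can_view_buildlogs = can_view_buildlogs
                cuser.can_download_artifacts = can_download_artifacts

        if not errors:
            session.add(cuser)
            session.commit()
            return redirect(cuser.url())

    return render_template('edit_user.html', user=request.user, cuser=cuser,
                           errors=errors)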