Commit 207059b4 authored by Mathieu Giraud's avatar Mathieu Giraud

Merge branch 'feature-s/1682-allow-user-to-modify-password' into 'dev'

Allow user to modify password

Closes #1682

See merge request !196
parents 4fe87a4a 5cf816ed
Pipeline #43419 failed with stages
in 5 minutes and 4 seconds
...@@ -57,30 +57,32 @@ def index(): ...@@ -57,30 +57,32 @@ def index():
reverse=reverse) reverse=reverse)
def edit(): def edit():
if auth.is_admin(): if auth.can_modify_user(int(request.vars['id'])):
user = db.auth_user[request.vars["id"]] user = db.auth_user[request.vars["id"]]
return dict(message=T("Edit user"), user=user) return dict(message=T("Edit user"), user=user)
return error_message(ACCESS_DENIED) return error_message(ACCESS_DENIED)
def edit_form(): def edit_form():
if auth.is_admin(): if auth.can_modify_user(int(request.vars['id'])):
error = "" error = []
if request.vars["first_name"] == "" : if request.vars["first_name"] == "" :
error += "first name needed, " error.append("first name needed")
if request.vars["last_name"] == "" : if request.vars["last_name"] == "" :
error += "last name needed, " error.append("last name needed")
if request.vars["email"] == "": if request.vars["email"] == "":
error += "email cannot be empty" error.append("email cannot be empty")
elif not re.match(r"[^@]+@[^@]+\.[^@]+", request.vars["email"]): elif not re.match(r"[^@]+@[^@]+\.[^@]+", request.vars["email"]):
error += "incorrect email format" error.append("incorrect email format")
if request.vars["password"] != "": if request.vars["password"] != "":
if request.vars["confirm_password"] != request.vars["password"]: if request.vars["confirm_password"] != request.vars["password"]:
error += "password fields must match" error.append("password fields must match")
else: else:
password = db.auth_user.password.validate(request.vars["password"])[0] password = db.auth_user.password.validate(request.vars["password"])[0]
if not password:
error.append("Password is too short, should be at least of length "+str(auth.settings.password_min_length))
if error == "": if len(error) == 0:
data = dict(first_name = request.vars["first_name"], data = dict(first_name = request.vars["first_name"],
last_name = request.vars["last_name"], last_name = request.vars["last_name"],
email = request.vars["email"]) email = request.vars["email"])
...@@ -95,7 +97,7 @@ def edit_form(): ...@@ -95,7 +97,7 @@ def edit_form():
return gluon.contrib.simplejson.dumps(res, separators=(',',':')) return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else : else :
res = {"success" : "false", "message" : error} res = {"success" : "false", "message" : ', '.join(error)}
log.error(res) log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':')) return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else : else :
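Review bot: In `edit_form`, the password branch takes the new value from `request.vars["password"]` without asking for the current one. Now that `can_modify_user` lets a non-admin edit their own account, anyone holding the logged-in session can replace the password (and the email) in a single request. When the caller is not an admin, require a current-password field and compare it against the stored hash before the update, as web2py's built-in `auth.change_password` does. Separately, `int(request.vars['id'])` in both `edit` and `edit_form` raises on a missing or non-numeric id instead of returning `ACCESS_DENIED`; parse it in a `try` and treat failure as denied. The rest of `edit_form`, including the update call, lies outside the visible hunks.

```python
def edit_form():
    try:
        user_id = int(request.vars["id"])
    except (TypeError, ValueError):
        return error_message(ACCESS_DENIED)
    if auth.can_modify_user(user_id):
        error = []
        # … unchanged: first name, last name and email checks …
        if request.vars["password"] != "":
            if not auth.is_admin():
                # Self-service change: the caller must prove knowledge of the
                # current password ("current_password" is an illustrative field name).
                current = db.auth_user.password.validate(request.vars["current_password"])[0]
                if not current or not (current == db.auth_user[user_id].password):
                    error.append("current password is incorrect")
            # … unchanged: confirm_password comparison and minimum-length check …
```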
......
...@@ -310,6 +310,15 @@ class VidjilAuth(Auth): ...@@ -310,6 +310,15 @@ class VidjilAuth(Auth):
and (self.get_permission(PermissionEnum.admin_pre_process.value, 'pre_process', pre_process_id, user)\ and (self.get_permission(PermissionEnum.admin_pre_process.value, 'pre_process', pre_process_id, user)\
or self.is_admin(user)) or self.is_admin(user))
def can_modify_user(self, id):
'''
Returns True if the current user can modify the user
whose ID is given as parameter
:param: id should be an integer
'''
return self.is_admin() or self.user_id == id
def can_modify(self, object_of_action, id, user = None): def can_modify(self, object_of_action, id, user = None):
''' '''
Returns True if the user can modify the object of action whose ID id id Returns True if the user can modify the object of action whose ID id id
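Review bot: `can_modify_user` returns `self.is_admin() or self.user_id == id`, so if `self.user_id` is `None` for an anonymous visitor (as it presumably is in web2py's `Auth`), a call with `id=None` compares equal and grants access. The callers shown convert with `int(...)` first, but the helper should fail closed on its own: `return self.is_admin() or (self.user_id is not None and self.user_id == id)`. The docstring could also say that a string id never matches because the comparison is strict, and the parameter name shadows the builtin `id`. `can_modify`, below the new method, continues outside the hunk.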
......
...@@ -78,6 +78,8 @@ auth = VidjilAuth(db) ...@@ -78,6 +78,8 @@ auth = VidjilAuth(db)
crud, service, plugins = Crud(db), Service(), PluginManager() crud, service, plugins = Crud(db), Service(), PluginManager()
auth.settings.password_min_length = 6
## create all tables needed by auth if not custom tables ## create all tables needed by auth if not custom tables
auth.define_tables(username=False, signature=False) auth.define_tables(username=False, signature=False)
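Review bot: `auth.settings.password_min_length = 6` sets a floor below the 8-character minimum that NIST SP 800-63B gives for user-chosen passwords, and the self-service form in `edit_form` reports this value to the user as the required length. Consider `auth.settings.password_min_length = 8` or higher, with a comment next to it such as `# minimum length for the auth_user password validator; keep this before define_tables()`. Whether existing accounts with shorter passwords need a forced reset cannot be told from this hunk.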
......
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
{{if not auth.is_impersonating() :}} {{if not auth.is_impersonating() :}}
{{=auth.user.first_name}} {{=auth.user.last_name}} {{=auth.user.first_name}} {{=auth.user.last_name}} <a href="#" onclick="db.call('user/edit', {'id': '{{=auth.user_id}}'})"><i class="icon-pencil-2" title="Edit my personal informations"></i></a>
{{pass}} {{pass}}
......