Commit 207059b4 authored by Mathieu Giraud's avatar Mathieu Giraud

Merge branch 'feature-s/1682-allow-user-to-modify-password' into 'dev'

Allow user to modify password

Closes #1682

See merge request !196
parents 4fe87a4a 5cf816ed
Pipeline #43419 failed with stages
in 5 minutes and 4 seconds
......@@ -57,30 +57,32 @@ def index():
reverse=reverse)
def edit():
if auth.is_admin():
if auth.can_modify_user(int(request.vars['id'])):
user = db.auth_user[request.vars["id"]]
return dict(message=T("Edit user"), user=user)
return error_message(ACCESS_DENIED)
def edit_form():
if auth.is_admin():
error = ""
if auth.can_modify_user(int(request.vars['id'])):
error = []
if request.vars["first_name"] == "" :
error += "first name needed, "
error.append("first name needed")
if request.vars["last_name"] == "" :
error += "last name needed, "
error.append("last name needed")
if request.vars["email"] == "":
error += "email cannot be empty"
error.append("email cannot be empty")
elif not re.match(r"[^@]+@[^@]+\.[^@]+", request.vars["email"]):
error += "incorrect email format"
error.append("incorrect email format")
if request.vars["password"] != "":
if request.vars["confirm_password"] != request.vars["password"]:
error += "password fields must match"
error.append("password fields must match")
else:
password = db.auth_user.password.validate(request.vars["password"])[0]
if not password:
error.append("Password is too short, should be at least of length "+str(auth.settings.password_min_length))
if error == "":
if len(error) == 0:
data = dict(first_name = request.vars["first_name"],
last_name = request.vars["last_name"],
email = request.vars["email"])
......@@ -95,7 +97,7 @@ def edit_form():
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
res = {"success" : "false", "message" : error}
res = {"success" : "false", "message" : ', '.join(error)}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
......
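Review bot: The password branch of `edit_form` accepts `password` and `confirm_password` but never asks for the account's current password. Since the check is now `can_modify_user` rather than `is_admin`, a non-admin can edit their own record, so anyone holding that user's session can replace the password (and the email) without knowing the old one. For the self-service case I would require and verify the current password before accepting a new one, for example through an extra `current_password` field, and leave the admin path as it is. Separately, `int(request.vars['id'])` in both `edit` and `edit_form` raises on a missing or non-numeric `id` instead of returning `error_message(ACCESS_DENIED)`, so the conversion should be guarded. The body of `edit_form` continues outside the hunk, so whether the update request carries CSRF protection cannot be seen from here.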
......@@ -310,6 +310,15 @@ class VidjilAuth(Auth):
and (self.get_permission(PermissionEnum.admin_pre_process.value, 'pre_process', pre_process_id, user)\
or self.is_admin(user))
def can_modify_user(self, id):
'''
Returns True if the current user can modify the user
whose ID is given as parameter
:param: id should be an integer
'''
return self.is_admin() or self.user_id == id
def can_modify(self, object_of_action, id, user = None):
'''
Returns True if the user can modify the object of action whose ID id id
......
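Review bot: `can_modify_user` compares `self.user_id == id` without normalising `id`, so a caller that passes the raw request value as a string gets a silent `False` for a non-admin user. The docstring says the argument should be an integer, but nothing enforces it. Coercing inside the method, `return self.is_admin() or self.user_id == int(id)`, would keep the check correct for every caller. The docstring's `:param:` also has no name; `:param id: ID of the user to modify (integer)` reads better. The parameter name shadows the builtin `id`.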
......@@ -78,6 +78,8 @@ auth = VidjilAuth(db)
crud, service, plugins = Crud(db), Service(), PluginManager()
auth.settings.password_min_length = 6
## create all tables needed by auth if not custom tables
auth.define_tables(username=False, signature=False)
......
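Review bot: `auth.settings.password_min_length = 6` sets a low floor for a setting that now also governs passwords users choose themselves; NIST SP 800-63B asks for at least 8 characters. I would raise it to `auth.settings.password_min_length = 8`, or higher if the deployment allows. A one-line comment saying the assignment must stay ahead of `auth.define_tables(...)` would also help, assuming that ordering is why it is placed here.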
......@@ -49,7 +49,7 @@
{{if not auth.is_impersonating() :}}
{{=auth.user.first_name}} {{=auth.user.last_name}}
{{=auth.user.first_name}} {{=auth.user.last_name}} <a href="#" onclick="db.call('user/edit', {'id': '{{=auth.user_id}}'})"><i class="icon-pencil-2" title="Edit my personal informations"></i></a>
{{pass}}
......
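Review bot: The new link's `title="Edit my personal informations"` is a hard-coded English string, whereas the controller uses `T("Edit user")` for translatable text. Writing it as `title="{{=T('Edit my personal information')}}"` keeps it consistent and fixes the plural. The `href="#"` with an inline `onclick` will also scroll the page to the top unless the handler cancels the default action, e.g. by ending the attribute with `; return false;`.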