user delete by admin in progress

046f3ba4 · Vladislav Rykov · ea096182 · 046f3ba4 · 046f3ba4 · 046f3ba4
Commit 046f3ba4 authored Apr 24, 2020 by Vladislav Rykov
--- a/app/app/__pycache__/views.cpython-35.pyc
+++ b/app/app/__pycache__/views.cpython-35.pyc
--- a/app/app/templates/admin/dashboard.html
+++ b/app/app/templates/admin/dashboard.html
@@ -50,7 +50,7 @@
 		<div>
 			<ol class="list-group" start="{{ usn }}">
       				{% for u in users %}
-				<a href="users?name={{ u[0] }}">
+				<a href="user?name={{ u[0] }}">
 					<li class="list-group-item">
 						<strong> {{ u[0] }} </strong>
 					</li>
@@ -67,21 +67,21 @@
 					{% else %}
 					<li class="disabled">
 					{% endif %}
-						<a href="/dev-data-pg?p={{ pp }}" aria-label="Previous">
+						<a href="/dashboard?p={{ pp }}" aria-label="Previous">
 							<span aria-hidden="true">&laquo;</span>
 						</a>
 					</li>
 					{% for i in range(pr[0],pr[1]) %}
 						{% if i == cp %}
 						<li class="active">
-							<a href="/dev-data-pg?p={{ i }}">
+							<a href="/dashboard?p={{ i }}">
 								{{ i }}
 								<span class="sr-only">(current)</span>
 							</a>
 						</li>
 						{% else %}
 						<li>
-							<a href="/dev-data-pg?p={{ i }}"> {{ i }} </a>
+							<a href="/dashboard?p={{ i }}"> {{ i }} </a>
 						</li>
 						{% endif %}
 					{% endfor %}
@@ -90,7 +90,7 @@
 					{% else %}
 					<li class="disabled">
 					{% endif %}
-						<a href="/dev-data-pg?p={{ np }}" aria-label="Next">
+						<a href="/dashboard?p={{ np }}" aria-label="Next">
 							<span aria-hidden="true">&raquo;</span>
 						</a>
 					</li>

--- a/app/app/templates/admin/user.html
+++ b/app/app/templates/admin/user.html
+{% extends 'layout.html' %}
+
+{% block title %} {{ username }} {% endblock %}
+
+{% block content %}
+
+<div class="row">
+	<div class="col-md-6 col-md-offset-3">
+		{% if username %}
+		<h2> {{ username }} </h2>
+		<br>
+		<h4> Applications: </h4>
+		{% if apps %}
+		<br>
+		<ol class="list-group">
+			{% for app in apps %}
+			<a href="/app?appkey={{ app[1] }}"><li class="list-group-item"><strong> {{ app[0] }} </strong></li></a>
+			{% endfor %}
+		</ol>
+		{% else %}
+		<p> User does not have registered applications. </p>
+		{% endif %}
+		<br>
+
+		<a href="/user-delete?name={{ username }}"><button class="btn btn-danger" onclick="return confirm('Make sure you know what you are doing! This action will permanently remove the user with all devices and data.')">Delete User</button></a>
+		{% else %}
+		<h2>Log in, please</h2>
+		<br>
+		<a href="/login"><button class="btn btn-primary btn-lg">Login</button></a>
+		{% endif %}
+		{% if feedback %}
+		<p class="text-danger float-right"> {{ feedback }} </p>	
+		{% endif %}
+	</div>
+</div>
+
+{% endblock %}
--- a/app/app/views.py
+++ b/app/app/views.py
@@ -118,21 +118,15 @@ def new_application():
 def app_():
    if 'name' in session:
        if request.method == 'GET':
-            
            session['appkey'] = request.args.get('appkey')

            ap = ad.get(session['appkey'])
            devs = dd.get_list(ap[1][1])
-        
-            try:
-                filelist = [f for f in os.listdir(app.config['DATA_DOWNLOAD_DIR_OS'])]
-                for f in filelist:
-                    os.remove(app.config['DATA_DOWNLOAD_DIR_OS']+'/'+f)
-            except OSError:
-                pass
-
-           # print('devs : ', devs)
-            return render_template('public/app.html', app=ap[1], devs=devs[1])
+            
+            if session['role'] == 'admin' or session['name'] == ap[1][2]:
+                return render_template('public/app.html', app=ap[1], devs=devs[1])
+            else:
+                return redirect(url_for('index'))
        else:
            if request.form['appname'] == '':
                error = 'Application name cannot be empty.'
@@ -194,6 +188,14 @@ def new_dev():
 def dev():
    if 'name' in session:
        if request.method == 'GET':
+           
+            # possible security improvement
+            #ap = ad.get(session['appkey'])
+            #if session['role'] == 'admin' or session['name'] == ap[1][2]:
+            #    return render_template(...)
+            #else:
+            #    return redirect(url_for('index'))
+
            dev = dd.get(session['appkey'], request.args.get('id'))

            session['devid'] = int(dev[1][1])
@@ -396,5 +398,29 @@ def dashboard_clean_search():
        session.pop('users_filter', None)
    return redirect(url_for('dashboard'))

+
+@app.route('/user')
+def user():
+    if 'role' in session and session['role'] == 'admin':
+        name = request.args.get('name')
+        apps = ad.get_list(name)
+        
+        session.pop('appkey', None)
+        # print('apps: ', apps)
+        if apps[0]:
+            return render_template('admin/user.html', apps=apps[1], username=name)
+        else:
+            return render_template('admin/user.html', feedback=apps[1], username=name)
+    else:
+        return render_template('public/index.html')
+
+
+@app.route('/user-delete')
+def user_delete():
+    user = ud.get(request.args.get('name'))
+    if user[2] != 'admin' and session['role'] and session['role'] == 'admin':
+        pass
+        
+
 def pend_delete_all_ack():
    pend.delete_all_ack()