Mailu/admin/mailu/views/users.py

from mailu import app, db, models, forms, access

import flask
import flask_login
import wtforms
import wtforms_components


@app.route('/user/list/<domain_name>', methods=['GET'])
@access.domain_admin(models.Domain, 'domain_name')
def user_list(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    return flask.render_template('user/list.html', domain=domain)


@app.route('/user/create/<domain_name>', methods=['GET', 'POST'])
@access.domain_admin(models.Domain, 'domain_name')
def user_create(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    if domain.max_users and len(domain.users) >= domain.max_users:
        flask.flash('Too many users for domain %s' % domain, 'error')
        return flask.redirect(
            flask.url_for('.user_list', domain_name=domain.name))
    form = forms.UserForm()
    if domain.max_quota_bytes:
        form.quota_bytes.validators = [
            wtforms.validators.NumberRange(max=domain.max_quota_bytes)]
    if form.validate_on_submit():
        if domain.has_email(form.localpart.data):
            flask.flash('Email is already used', 'error')
        else:
            user = models.User(domain=domain)
            form.populate_obj(user)
            user.set_password(form.pw.data)
            db.session.add(user)
            db.session.commit()
            flask.flash('User %s created' % user)
            return flask.redirect(
                flask.url_for('.user_list', domain_name=domain.name))
    return flask.render_template('user/create.html',
        domain=domain, form=form)


@app.route('/user/edit/<user_email>', methods=['GET', 'POST'])
@access.domain_admin(models.User, 'user_email')
def user_edit(user_email):
    user = models.User.query.get(user_email) or flask.abort(404)
    # Handle the case where user quota is more than allowed
    max_quota_bytes = user.domain.max_quota_bytes
    if max_quota_bytes and user.quota_bytes > max_quota_bytes:
        max_quota_bytes = user.quota_bytes
    # Create the form
    form = forms.UserForm(obj=user)
    wtforms_components.read_only(form.localpart)
    form.pw.validators = []
    form.localpart.validators = []
    if max_quota_bytes:
        form.quota_bytes.validators = [
            wtforms.validators.NumberRange(max=max_quota_bytes)]
    if form.validate_on_submit():
        form.populate_obj(user)
        if form.pw.data:
            user.set_password(form.pw.data)
        db.session.commit()
        flask.flash('User %s updated' % user)
        return flask.redirect(
            flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/edit.html', form=form, user=user,
        domain=user.domain, max_quota_bytes=max_quota_bytes)


@app.route('/user/delete/<user_email>', methods=['GET', 'POST'])
@access.domain_admin(models.User, 'user_email')
@access.confirmation_required("delete {user_email}")
def user_delete(user_email):
    user = models.User.query.get(user_email) or flask.abort(404)
    domain = user.domain
    db.session.delete(user)
    db.session.commit()
    flask.flash('User %s deleted' % user)
    return flask.redirect(
        flask.url_for('.user_list', domain_name=domain.name))


@app.route('/user/settings', methods=['GET', 'POST'], defaults={'user_email': None})
@app.route('/user/usersettings/<user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_settings(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserSettingsForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        db.session.commit()
        flask.flash('Settings updated for %s' % user)
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/settings.html', form=form, user=user)


@app.route('/user/password', methods=['GET', 'POST'], defaults={'user_email': None})
@app.route('/user/password/<user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_password(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserPasswordForm()
    if form.validate_on_submit():
        if form.pw.data != form.pw2.data:
            flask.flash('Passwords do not match', 'error')
        else:
            user.set_password(form.pw.data)
            db.session.commit()
            flask.flash('Password updated for %s' % user)
            if user_email:
                return flask.redirect(flask.url_for('.user_list',
                    domain_name=user.domain.name))
    return flask.render_template('user/password.html', form=form, user=user)


@app.route('/user/forward', methods=['GET', 'POST'], defaults={'user_email': None})
@app.route('/user/forward/<user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_forward(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserForwardForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        db.session.commit()
        flask.flash('Forward destination updated for %s' % user)
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/forward.html', form=form, user=user)


@app.route('/user/reply', methods=['GET', 'POST'], defaults={'user_email': None})
@app.route('/user/reply/<user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_reply(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserReplyForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        db.session.commit()
        flask.flash('Auto-reply message updated for %s' % user)
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/reply.html', form=form, user=user)
Fix all references to mailu.admin 2017-09-17 14:37:10 +02:00			`from mailu import app, db, models, forms, access`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00
			`import flask`
Remove deprecated flask.ext imports 2016-08-13 20:51:54 +02:00			`import flask_login`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`import wtforms`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`import wtforms_components`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

			`@app.route('/user/list/<domain_name>', methods=['GET'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_list(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/list.html', domain=domain)`


			`@app.route('/user/create/<domain_name>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_create(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`if domain.max_users and len(domain.users) >= domain.max_users:`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('Too many users for domain %s' % domain, 'error')`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(`
			`flask.url_for('.user_list', domain_name=domain.name))`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`form = forms.UserForm()`
Handle infinite quotas when adding validators, fixes #162 2017-02-14 22:37:51 +02:00			`if domain.max_quota_bytes:`
			`form.quota_bytes.validators = [`
			`wtforms.validators.NumberRange(max=domain.max_quota_bytes)]`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
Rename the generic 'address' to 'email' 2016-05-01 20:04:40 +02:00			`if domain.has_email(form.localpart.data):`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`flask.flash('Email is already used', 'error')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`else:`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`user = models.User(domain=domain)`
			`form.populate_obj(user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`user.set_password(form.pw.data)`
			`db.session.add(user)`
			`db.session.commit()`
			`flask.flash('User %s created' % user)`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/create.html',`
			`domain=domain, form=form)`


			`@app.route('/user/edit/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_edit(user_email):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`user = models.User.query.get(user_email) or flask.abort(404)`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`# Handle the case where user quota is more than allowed`
			`max_quota_bytes = user.domain.max_quota_bytes`
			`if max_quota_bytes and user.quota_bytes > max_quota_bytes:`
			`max_quota_bytes = user.quota_bytes`
			`# Create the form`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`form = forms.UserForm(obj=user)`
			`wtforms_components.read_only(form.localpart)`
			`form.pw.validators = []`
Fix the behaviour from Wtforms Components regarding readonly, related to #152 2017-01-25 01:05:03 +02:00			`form.localpart.validators = []`
Handle infinite quotas when adding validators, fixes #162 2017-02-14 22:37:51 +02:00			`if max_quota_bytes:`
			`form.quota_bytes.validators = [`
			`wtforms.validators.NumberRange(max=max_quota_bytes)]`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
Improve the action buttons 2016-03-22 22:15:57 +02:00			`if form.pw.data:`
			`user.set_password(form.pw.data)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.commit()`
			`flask.flash('User %s updated' % user)`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`return flask.render_template('user/edit.html', form=form, user=user,`
			`domain=user.domain, max_quota_bytes=max_quota_bytes)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

Switch to form-based confirmations, fixes #20 2016-08-19 10:49:05 +02:00			`@app.route('/user/delete/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.User, 'user_email')`
Clean imports and remove calls to the utils module 2016-08-29 19:35:09 +02:00			`@access.confirmation_required("delete {user_email}")`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_delete(user_email):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`user = models.User.query.get(user_email) or flask.abort(404)`
Do not use objects after deleting them, fixes #112 2016-11-12 16:47:48 +02:00			`domain = user.domain`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.delete(user)`
			`db.session.commit()`
			`flask.flash('User %s deleted' % user)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(`
Do not use objects after deleting them, fixes #112 2016-11-12 16:47:48 +02:00			`flask.url_for('.user_list', domain_name=domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

			`@app.route('/user/settings', methods=['GET', 'POST'], defaults={'user_email': None})`
			`@app.route('/user/usersettings/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_settings(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
Prefill user forms 2016-03-20 12:14:27 +02:00			`form = forms.UserSettingsForm(obj=user)`
Add some example settings 2016-03-20 12:09:06 +02:00			`if form.validate_on_submit():`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
Add some example settings 2016-03-20 12:09:06 +02:00			`db.session.commit()`
			`flask.flash('Settings updated for %s' % user)`
			`if user_email:`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Add some example settings 2016-03-20 12:09:06 +02:00			`return flask.render_template('user/settings.html', form=form, user=user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

			`@app.route('/user/password', methods=['GET', 'POST'], defaults={'user_email': None})`
			`@app.route('/user/password/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_password(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`form = forms.UserPasswordForm()`
			`if form.validate_on_submit():`
			`if form.pw.data != form.pw2.data:`
			`flask.flash('Passwords do not match', 'error')`
			`else:`
			`user.set_password(form.pw.data)`
			`db.session.commit()`
			`flask.flash('Password updated for %s' % user)`
			`if user_email:`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(flask.url_for('.user_list',`
			`domain_name=user.domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/password.html', form=form, user=user)`


			`@app.route('/user/forward', methods=['GET', 'POST'], defaults={'user_email': None})`
			`@app.route('/user/forward/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_forward(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
Prefill user forms 2016-03-20 12:14:27 +02:00			`form = forms.UserForwardForm(obj=user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
Fix a bug when updating the forward address 2016-05-29 17:06:06 +02:00			`form.populate_obj(user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.commit()`
			`flask.flash('Forward destination updated for %s' % user)`
			`if user_email:`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`return flask.render_template('user/forward.html', form=form, user=user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`@app.route('/user/reply', methods=['GET', 'POST'], defaults={'user_email': None})`
			`@app.route('/user/reply/<user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`def user_reply(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
Prefill user forms 2016-03-20 12:14:27 +02:00			`form = forms.UserReplyForm(obj=user)`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`if form.validate_on_submit():`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`db.session.commit()`
			`flask.flash('Auto-reply message updated for %s' % user)`
			`if user_email:`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`return flask.render_template('user/reply.html', form=form, user=user)`