Commit 0624eb6e authored by buttle's avatar buttle

Form property 'author' is now a User object.

parent fda92ee5
......@@ -32,10 +32,11 @@ babel = Babel(app)
csrf = CSRFProtect()
csrf.init_app(app)
app.config['APP_VERSION'] = 32
app.config['APP_VERSION'] = 33
app.config['SCHEMA_VERSION'] = 13
app.config['RESERVED_SLUGS'] = ['login', 'static', 'admin', 'admins', 'user', 'users', 'form', 'forms', 'site', 'sites', 'update']
app.config['RESERVED_SLUGS'] = ['login', 'static', 'admin', 'admins', 'user', 'users',
'form', 'forms', 'site', 'sites', 'update']
# DPL = Data Protection Law
app.config['RESERVED_FORM_ELEMENT_NAMES'] = ['created', 'csrf_token', 'DPL']
app.config['RESERVED_USERNAMES'] = ['system', 'admin']
......
......@@ -171,14 +171,14 @@ class User(db.Document):
return True if self.email in app.config['ROOT_USERS'] else False
def deleteUser(self):
forms = Form.findAll(author=str(self.id))
forms = Form.findAll(author_id=str(self.id))
for form in forms:
form.delete()
forms = Form.findAll(editor=str(self.id))
for form in forms:
del form.editors[str(self.id)]
form.save()
return self.delete()
self.delete()
def setToken(self, **kwargs):
self.token=createToken(User, **kwargs)
......@@ -239,7 +239,7 @@ class Form(db.Document):
created = db.StringField(required=True)
hostname = db.StringField(required=True)
slug = db.StringField(required=True)
author = db.StringField(required=True)
author_id = db.StringField(db_field="author", required=True)
editors = db.DictField(required=True)
postalCode = db.StringField(required=False)
enabled = db.BooleanField()
......@@ -277,20 +277,24 @@ class Form(db.Document):
kwargs.pop('key')
return cls.objects.ensure_hostname(**kwargs)
@property
def user(self):
return self.author
@property
def author(self):
return User.find(id=self.author_id)
def changeAuthor(self, new_author):
if new_author.enabled:
if self.author in self.editors:
del self.editors[self.author]
self.author=str(new_author.id)
if self.author_id in self.editors:
del self.editors[self.author_id]
self.author_id=str(new_author.id)
if self.addEditor(new_author):
self.save()
return True
return False
@property
def user(self):
return User.find(id=self.author)
def getFieldIndexForDataDisplay(self):
"""
formbuilder adds HTML tags to labels like '<br>' or '<div></div>'.
......@@ -310,7 +314,7 @@ class Form(db.Document):
return len(self.entries)
def isEnabled(self):
if not (self.user.enabled and self.adminPreferences['public']):
if not (self.author.enabled and self.adminPreferences['public']):
return False
return self.enabled
......@@ -329,7 +333,7 @@ class Form(db.Document):
return False
def removeEditor(self, editor_id):
if editor_id == self.author:
if editor_id == self.author_id:
return None
if editor_id in self.editors:
del self.editors[editor_id]
......@@ -407,7 +411,7 @@ class Form(db.Document):
self.save()
def isAuthor(self, user):
return True if self.author == str(user.id) else False
return True if self.author_id == user.id else False
def isEditor(self, user):
return True if str(user.id) in self.editors else False
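Review bot: `isAuthor` now compares `self.author_id`, a `StringField`, with `user.id` without the `str()` the old line had. Every other line in this commit converts ids with `str(...)` before comparing or storing them, which suggests `user.id` is not a string; if so this check returns False for the real author as well. Any permission decision built on `isAuthor` would change silently, so keep the conversion: `return self.author_id == str(user.id)`. The `isEditor` line right below still does it that way.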
......
......@@ -13,7 +13,6 @@
<body>
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages and request.path != '/login' %}
{% for category, message in messages %}
......@@ -22,7 +21,6 @@
{% endif %}
{% endwith %}
{% if g.current_user %}
<div class="container" style="font-size:1.3em;">
<div class="row col-md-12">
......
......@@ -28,7 +28,7 @@
{% endif %}
<tr>
<td>{%trans%}Current author{%endtrans%}</td>
<td>{{ form.user.username }}</td>
<td>{{ form.author.username }}</td>
</tr>
</table>
......@@ -42,9 +42,10 @@
<br />
<input name="new_author_username" type="text" placeholder="{%trans%}New author's username{%endtrans%}" class="form-control" required />
<p></p>
<input class="btn-primary btn btn-md" type="submit" value="{%trans%}Change author{%endtrans%}" />
<input class="btn-danger btn btn-md" type="submit" value="{%trans%}Change author{%endtrans%}" />
</form>
{% set editors=form.getEditors() %}
{% if editors|length > 1 %}
<p>&nbsp;</p>
<div style="font-size:1.5em;">
......@@ -62,7 +63,7 @@
<td>{{ editor.username }}</td>
<td>{{ editor.email }}</td>
<td class="text-right">
{% if editor.id|string == form.author %}
{% if editor == form.author %}
{%trans%}Author{%endtrans%}
{% else %}
{%trans%}Editor{%endtrans%}
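Review bot: `{% if editor == form.author %}` sits in the per-editor row, and `form.author` is now a property that calls `User.find(id=self.author_id)`, so each row appears to trigger a user lookup. The result also depends on how two User documents compare, and on the lookup succeeding. Comparing ids keeps the old semantics without the query: `{% if editor.id|string == form.author_id %}`. The same pattern appears in the editors list template (`editor == form.author`) and in the user page's forms table (`user == form.author`), where `user.id|string == form.author_id` would do.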
......
......@@ -152,15 +152,15 @@
<tr>
<td>
{%trans%}Author{%endtrans%}
{% if not form.user.enabled %}
{% if not form.author.enabled %}
<span style="color:red">({%trans%}disabled{%endtrans%})</span>
{% endif %}
</td>
<td>
{% if g.isAdmin %}
<a href="/admin/users/{{ form.user.id }}">{{ form.user.username }}</a>
<a href="/admin/users/{{ form.author.id }}">{{ form.author.username }}</a>
{% else %}
{{ form.user.username }}
{{ form.author.username }}
{% endif %}
</td>
</tr>
......@@ -182,9 +182,9 @@
<input class="btn-primary btn btn-sm" type="button" value="{%trans%}Duplicate form{%endtrans%}" onClick="location.href='/forms/duplicate/{{ form.id }}'">
<p></p>
{% if form.totalEntries == 0 %}
<input class="btn-danger btn btn-sm" type="button" value="{%trans%}Delete form{%endtrans%}" onClick="location.href='/forms/delete/{{ form.id }}'">
<input class="btn-warning btn btn-sm" type="button" value="{%trans%}Delete form{%endtrans%}" onClick="location.href='/forms/delete/{{ form.id }}'">
{% else %}
<input class="btn-danger btn btn-sm" type="button" value="{%trans%}Delete form and entries{%endtrans%}" onClick="location.href='/forms/delete/{{ form.id }}'">
<input class="btn-warning btn btn-sm" type="button" value="{%trans%}Delete form and entries{%endtrans%}" onClick="location.href='/forms/delete/{{ form.id }}'">
{% endif %}
{% endif %}
......
......@@ -66,9 +66,9 @@
</table>
{% if g.isAdmin and not user.id == g.current_user.id %}
{% if user.forms|length %}
<input class="btn-danger btn btn-sm" type="button" value="{%trans%}Delete user and authored forms{%endtrans%}" onClick="location.href='/admin/users/delete/{{user.id}}'">
<input class="btn-warning btn btn-sm" type="button" value="{%trans%}Delete user and authored forms{%endtrans%}" onClick="location.href='/admin/users/delete/{{user.id}}'">
{% else %}
<input class="btn-danger btn btn-sm" type="button" value="{%trans%}Delete user{%endtrans%}" onClick="location.href='/admin/users/delete/{{user.id}}'">
<input class="btn-warning btn btn-sm" type="button" value="{%trans%}Delete user{%endtrans%}" onClick="location.href='/admin/users/delete/{{user.id}}'">
{% endif %}
{% endif %}
......@@ -97,7 +97,7 @@
<td><a href="/forms/view/{{form.id}}">{{form.slug}}</a></td>
<td>{{form.created}}</td>
<td>
{% if user.id|string == form.author %}
{% if user == form.author %}
{%trans%}True{%endtrans%}
{% else %}
{%trans%}False{%endtrans%}
......
......@@ -67,7 +67,7 @@
{{ editor.email }}
</td>
<td class="text-right">
{% if editor.id|string == form.author %}
{% if editor == form.author %}
({%trans%}Author{%endtrans%})
{% else %}
<input class="btn btn-xs btn-danger" type="button" value="{%trans%}Remove{%endtrans%}" onClick="js:removeEditor('{{editor.id}}');">
......
......@@ -5,6 +5,8 @@
<script src="/static/dataTables/dataTables.bootstrap.min.js"></script>
<link rel="stylesheet" type="text/css" href="/static/dataTables/dataTables.bootstrap.min.css">
{% set fieldIndex=form.getFieldIndexForDataDisplay() %}
<div class="container">
<div class="row col-md-11" style="font-size:1.5em">
{{ form.slug }}
......
......@@ -115,7 +115,6 @@ def view_form(slug):
value=', '.join(value) # convert list of values to a string
key=key.rstrip('[]') # remove tailing '[]' from the name attrib (appended by formbuilder)
entry[key]=value
queriedForm.entries.append(entry)
if not queriedForm.expired and queriedForm.hasExpired():
......@@ -159,10 +158,7 @@ def view_entries(slug, key):
queriedForm = Form.find(slug=slug, key=key)
if not queriedForm or not queriedForm.areEntriesShared():
return render_template('page-not-found.html'), 400
return render_template('view-results.html', form=queriedForm,
fieldIndex=queriedForm.getFieldIndexForDataDisplay(),
language=get_locale())
return render_template('view-results.html', form=queriedForm, language=get_locale())
@app.route('/<string:slug>/csv/<string:key>', methods=['GET'])
......@@ -288,7 +284,7 @@ def remove_editor(form_id, editor_id):
queriedForm = Form.find(id=form_id, editor=str(g.current_user.id))
if not queriedForm:
return json.dumps(False)
if editor_id == queriedForm.author:
if editor_id == queriedForm.author_id:
return json.dumps(False)
removedEditor_id=queriedForm.removeEditor(editor_id)
......@@ -497,7 +493,7 @@ def save_form(id=None):
newFormData={
"created": datetime.date.today().strftime("%Y-%m-%d"),
"author": str(g.current_user.id),
"author_id": str(g.current_user.id),
"editors": {str(g.current_user.id): Form.newEditorPreferences()},
"postalCode": "08014",
"enabled": False,
......@@ -626,7 +622,6 @@ def list_entries(id):
if not queriedForm:
flash(gettext("No form found"), 'warning')
return redirect(make_url_for('my_forms'))
return render_template('list-entries.html', form=queriedForm)
@app.route('/forms/csv/<string:id>', methods=['GET'])
......@@ -1318,8 +1313,8 @@ def delete_user(id):
flash(gettext("Cannot delete yourself"), 'warning')
return redirect(make_url_for('inspect_user', username=user.username))
if user.username == request.form['username']:
if user.deleteUser():
flash(gettext("Deleted user '%s'" % (user.username)), 'success')
user.deleteUser()
flash(gettext("Deleted user '%s'" % (user.username)), 'success')
return redirect(make_url_for('list_users'))
else:
flash(gettext("Username does not match"), 'warning')
......@@ -1351,16 +1346,15 @@ def change_author(id):
if not queriedForm:
flash(gettext("Form is not available"), 'warning')
return redirect(make_url_for('my_forms'))
editors=queriedForm.getEditors()
if request.method == 'POST':
if not 'old_author_username' in request.form or not request.form['old_author_username']==queriedForm.user.username:
if not ('old_author_username' in request.form and request.form['old_author_username']==queriedForm.author.username):
flash(gettext("Current author incorrect"), 'warning')
return render_template('change-author.html', form=queriedForm, editors=editors)
return render_template('change-author.html', form=queriedForm)
if 'new_author_username' in request.form:
new_author=User.find(username=request.form['new_author_username'], hostname=queriedForm.hostname)
if new_author:
if new_author.enabled:
old_author=queriedForm.user # we really need to find better property names than author and user
old_author=queriedForm.author
if queriedForm.changeAuthor(new_author):
queriedForm.addLog(gettext("Changed author from %s to %s" % (old_author.username, new_author.username)))
flash(gettext("Changed author OK"), 'success')
......@@ -1369,7 +1363,7 @@ def change_author(id):
flash(gettext("Cannot use %s. The user is not enabled" % request.form['new_author_username']), 'warning')
else:
flash(gettext("Can't find username %s" % request.form['new_author_username']), 'warning')
return render_template('change-author.html', form=queriedForm, editors=editors)
return render_template('change-author.html', form=queriedForm)
"""
......