authorAlexander Sulfrian <alexander@sulfrian.net>2016-01-22 19:06:47 +0100
committerAlexander Sulfrian <alexander@sulfrian.net>2016-01-25 01:56:06 +0100
commit1ea5dd06424a2a2fb60692513d59591187389021 (patch)
treefe8ebd20ced49d8b8f7c1d94ed0ba2c8d29f5198 /views/admin/__init__.py
parent5fde298d4b705bd256d5510493955ca98a31acdc (diff)
Move admin interface into a blueprint
Diffstat (limited to 'views/admin/__init__.py')
-rw-r--r--views/admin/__init__.py90
1 files changed, 90 insertions, 0 deletions
diff --git a/views/admin/__init__.py b/views/admin/__init__.py
new file mode 100644
index 0000000..998bf8b
--- /dev/null
+++ b/views/admin/__init__.py
@@ -0,0 +1,90 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import
+
+from flask import Blueprint
+from flask import current_app, redirect, request, g, flash, url_for
+from uuid import uuid4
+from werkzeug.exceptions import Forbidden
+
+from accounts.utils import templated, send_register_confirmation_mail, send_mail
+from accounts.forms import AdminCreateAccountForm, AdminDisableAccountForm
+
+
+bp = Blueprint('admin', __name__)
+
+
+@bp.before_request
+def restrict_bp_to_admins():
+ if not g.user:
+ raise Forbidden(u'Bitte einloggen!')
+ if g.user.uid not in current_app.config.get('ADMIN_USERS', []):
+ raise Forbidden(u'Du bist kein Admin.')
+
+
+@bp.route('/')
+@templated('admin/index.html')
+def index():
+ return {}
+
+
+@bp.route('/create_account', methods=['GET', 'POST'])
+@templated('admin/create_account.html')
+def create_account():
+ form = AdminCreateAccountForm()
+ if request.method == 'POST' and form.validate():
+ send_register_confirmation_mail(form.username.data, form.mail.data)
+
+ flash(u'Mail versandt.', 'success')
+ return redirect(url_for('admin.index'))
+ return {'form': form}
+
+
+@bp.route('/view_blacklist')
+@bp.route('/view_blacklist/<start>')
+@templated('admin/view_blacklist.html')
+def view_blacklist(start=''):
+ entries = current_app.username_blacklist
+ if start:
+ entries = [e for e in entries if e.startswith(start)]
+
+ next_letters = set(e[len(start)] for e in entries if len(e) > len(start))
+
+ return {
+ 'entries': entries,
+ 'start': start,
+ 'next_letters': next_letters,
+ }
+
+
+@bp.route('/disable_account', methods=['GET', 'POST'])
+@templated('admin/disable_account.html')
+def disable_account():
+ form = AdminDisableAccountForm()
+ if 'uid' in request.args:
+ form = AdminDisableAccountForm(username=request.args['uid'])
+ if request.method == 'POST' and form.validate():
+ random_pw = str(uuid4())
+ form.user.change_password(random_pw)
+ for service in current_app.all_services:
+ form.user.reset_password(service.id)
+
+ oldmail = form.user.attributes['mail']
+ mail = current_app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid
+ form.user.change_email(mail)
+
+ g.ldap.update(form.user, as_admin=True)
+
+ flash(u'Passwort auf ein zufälliges und Mailadresse auf %s '
+ u'gesetzt.' % mail, 'success')
+
+ if current_app.config.get('MAIL_REGISTER_NOTIFY'):
+ send_mail(
+ current_app.config['MAIL_REGISTER_NOTIFY'],
+ u'[accounts] Benutzer %s deaktiviert' % form.user.uid,
+ 'Benutzername: %s\nE-Mail war: %s\n\ndurch: %s\n' % \
+ (form.user.uid, oldmail, session['username'])
+ )
+
+ return redirect(url_for('admin.index'))
+
+ return {'form': form}
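Review bot: `session` is read in the notification mail at the end of `disable_account` (`(form.user.uid, oldmail, session['username'])`) but is not among the names imported from flask at the top of this new file, so that call raises NameError whenever `MAIL_REGISTER_NOTIFY` is configured. By then `g.ldap.update(form.user, as_admin=True)` has already run, so the account is disabled, but the mail that records who disabled it is never sent and the request presumably ends in an error instead of the redirect. Extend the import to `from flask import current_app, redirect, request, g, flash, url_for, session`, or report `g.user.uid`, which is the identity `restrict_bp_to_admins` has already checked against `ADMIN_USERS`.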