Fixed get_permissions

flaskbb/admin/forms.py

@@ -20,6 +20,7 @@ from wtforms.ext.sqlalchemy.fields import (QuerySelectField,
                                            QuerySelectMultipleField)
 
 from flaskbb.helpers import SelectDateWidget
+from flaskbb.extensions import db
 from flaskbb.forum.models import Category, Forum
 from flaskbb.user.models import User, Group
 
@@ -36,21 +37,17 @@ def select_primary_group():
     return Group.query.order_by(Group.id)
 
 
-def select_secondary_groups():
-    return Group.query.order_by(Group.id)
-
-
 class UserForm(Form):
     username = TextField("Username", validators=[
-        Required(message="Username required"),
+        Optional(),
         is_username])
 
     email = TextField("E-Mail", validators=[
-        Required(message="Email adress required"),
+        Optional(),
         Email(message="This email is invalid")])
 
     password = PasswordField("Password", validators=[
-        Required(message="Password required")])
+        Optional()])
 
     birthday = DateField("Birthday", format="%d %m %Y",
                          widget=SelectDateWidget(),
@@ -80,23 +77,30 @@ class UserForm(Form):
                                      query_factory=select_primary_group,
                                      get_label="name")
 
-    #secondary_groups = QuerySelectMultipleField(
-    #    "Secondary Groups", query_factory=select_secondary_groups,
-    #    allow_blank=True, get_label="name")
+    secondary_groups = QuerySelectMultipleField(
+        "Secondary Groups", allow_blank=True, get_label="name")
+
+    def __init__(self, user, *args, **kwargs):
+        self.user = user
+        kwargs['obj'] = self.user
+        super(UserForm, self).__init__(*args, **kwargs)
 
     def validate_username(self, field):
-        user = User.query.filter_by(username=field.data).first()
+        user = User.query.filter(db.and_(
+                                 User.username.like(field.data),
+                                 db.not_(User.id == self.user.id))).first()
         if user:
             raise ValidationError("This username is taken")
 
     def validate_email(self, field):
-        email = User.query.filter_by(email=field.data).first()
-        if email:
+        user = User.query.filter(db.and_(
+                                 User.email.like(field.data),
+                                 db.not_(User.id == self.user.id))).first()
+        if user:
             raise ValidationError("This email is taken")
 
     def save(self):
-        user = User(date_joined=datetime.utcnow(),
-                    **self.data)
+        user = User(**self.data)
         return user.save()
 
 
@@ -141,12 +145,37 @@ class GroupForm(Form):
         group = Group(**self.data)
         return group.save()
 
+
+class EditGroupForm(GroupForm):
+    def __init__(self, group, *args, **kwargs):
+        self.group = group
+        kwargs['obj'] = self.group
+        super(GroupForm, self).__init__(*args, **kwargs)
+
     def validate_banned(self, field):
-        if Group.query.filter_by(banned=True).count >= 1:
+        group = Group.query.filter(
+            db.and_(Group.banned == True,
+                    db.not_(Group.id == self.group.id))).count()
+        if field.data and group > 0:
             raise ValidationError("There is already a Banned group")
 
     def validate_guest(self, field):
-        if Group.query.filter_by(guest=True).count() >= 1:
+        group = Group.query.filter(
+            db.and_(Group.guest == True,
+                    db.not_(Group.id == self.group.id))).count()
+        if field.data and group > 0:
+            raise ValidationError("There is already a Guest group")
+
+
+class AddGroupForm(GroupForm):
+    def validate_banned(self, field):
+        group = Group.query.filter_by(banned=True).count()
+        if field.data and group > 0:
+            raise ValidationError("There is already a Banned group")
+
+    def validate_guest(self, field):
+        group = Group.query.filter_by(guest=True).count()
+        if field.data and group > 0:
             raise ValidationError("There is already a Guest group")
 
 
@@ -164,9 +193,12 @@ class ForumForm(Form):
                                 query_factory=selectable_categories,
                                 get_label="title")
 
-    def save(self, category):
-        forum = Forum(**self.data)
-        return forum.save(category=category)
+    def save(self):
+        forum = Forum(title=self.title.data,
+                      description=self.description.data,
+                      position=self.position.data,
+                      category_id=self.category.data.id)
+        return forum.save()
 
 
 class CategoryForm(Form):

flaskbb/admin/views.py

@@ -6,9 +6,10 @@ from flask import (Blueprint, render_template, current_app, request, redirect,
 
 from flaskbb import __version__ as flaskbb_version
 from flaskbb.decorators import admin_required
+from flaskbb.extensions import db
 from flaskbb.user.models import User, Group
 from flaskbb.forum.models import Post, Topic, Forum, Category
-from flaskbb.admin.forms import UserForm, GroupForm, ForumForm, CategoryForm
+from flaskbb.admin.forms import UserForm, AddGroupForm, EditGroupForm, ForumForm, CategoryForm
 
 
 admin = Blueprint("admin", __name__)
@@ -75,17 +76,34 @@ def forums():
 def edit_user(user_id):
     user = User.query.filter_by(id=user_id).first()
 
-    form = UserForm()
+    secondary_group_query = Group.query.filter(
+        db.not_(Group.id == user.primary_group_id))
+
+    form = UserForm(user)
+    form.secondary_groups.query = secondary_group_query
     if form.validate_on_submit():
-        form.populate_obj(user)
-        user.save()
+        user.username = form.username.data
+        user.email = form.email.data
+        user.birthday = form.birthday.data
+        user.gender = form.gender.data
+        user.website = form.website.data
+        user.location = form.location.data
+        user.signature = form.signature.data
+        user.avatar = form.avatar.data
+        user.notes = form.notes.data
+        user.primary_group_id = form.primary_group.data.id
+
+       # Don't override the password
+        if form.password.data:
+            user.password = form.password.data
+
+        user.save(groups=form.secondary_groups.data)
 
         flash("User successfully edited", "success")
         return redirect(url_for("admin.edit_user", user_id=user.id))
     else:
         form.username.data = user.username
         form.email.data = user.email
-        form.password.data = user.password
         form.birthday.data = user.birthday
         form.gender.data = user.gender
         form.website.data = user.website
@@ -93,8 +111,9 @@ def edit_user(user_id):
         form.signature.data = user.signature
         form.avatar.data = user.avatar
         form.notes.data = user.notes
-        form.primary_group.data = user.primary_group_id
-        #form.secondary_groups.data = user.groups
+        form.primary_group.data = user.primary_group
+        if
+        form.secondary_groups.query = secondary_group_query
 
     return render_template("admin/edit_user.html", form=form)
 
@@ -125,13 +144,13 @@ def add_user():
 def edit_group(group_id):
     group = Group.query.filter_by(id=group_id).first()
 
-    form = GroupForm()
+    form = EditGroupForm(group)
     if form.validate_on_submit():
         form.populate_obj(group)
         group.save()
 
         flash("Group successfully edited.", "success")
-        return redirect(url_for("admin.edit_group", group_id=group.id))
+        return redirect(url_for("admin.groups", group_id=group.id))
     else:
         form.name.data = group.name
         form.description.data = group.description
@@ -161,7 +180,7 @@ def delete_group(group_id):
 @admin.route("/groups/add", methods=["GET", "POST"])
 @admin_required
 def add_group():
-    form = GroupForm()
+    form = AddGroupForm()
     if form.validate_on_submit():
         form.save()
         flash("Group successfully added.", "success")
@@ -177,7 +196,10 @@ def edit_forum(forum_id):
 
     form = ForumForm()
     if form.validate_on_submit():
-        form.populate_obj(forum)
+        forum.title = form.title.data
+        forum.description = form.description.data
+        forum.position = form.position.data
+        forum.category_id = form.category.data.id
         forum.save()
 
         flash("Forum successfully edited.", "success")
@@ -186,7 +208,7 @@ def edit_forum(forum_id):
         form.title.data = forum.title
         form.description.data = forum.description
         form.position.data = forum.position
-        form.category.data = forum.category_id
+        form.category.data = forum.category
         #form.moderators.data = forum.moderators
 
     return render_template("admin/edit_forum.html", form=form)

flaskbb/auth/forms.py

@@ -65,6 +65,7 @@ class RegisterForm(Form):
                     password=self.password.data,
                     date_joined=datetime.utcnow(),
                     primary_group=4)
+        user.groups.append(4)
         return user.save()
 
 

flaskbb/user/models.py

@@ -17,7 +17,6 @@ from flask import current_app
 from flask.ext.login import UserMixin, AnonymousUserMixin
 from flaskbb.extensions import db, cache
 from flaskbb.forum.models import Post, Topic
-from flaskbb.pms.models import PrivateMessage
 
 
 groups_users = db.Table('groups_users',
@@ -212,10 +211,11 @@ class User(db.Model, UserMixin):
         for group in self.groups.all():
             for c in group.__table__.columns:
                 # try if the permission already exists in the dictionary
-                # and if the permission is true, go to the next permission
+                # and if the permission is true, set it to True
                 try:
-                    if perms[c.name]:
-                        continue
+                    if not perms[c.name] and getattr(group, c.name):
+                        perms[c.name] = True
+
                 # if the permission doesn't exist in the dictionary
                 # add it to the dictionary
                 except KeyError:
@@ -263,7 +263,10 @@ class User(db.Model, UserMixin):
                 return False
         return True
 
-    def save(self):
+    def save(self, groups=None):
+        if groups:
+            for group in groups:
+                self.add_to_group(group)
         db.session.add(self)
         db.session.commit()
         return self