Better contact form

2025-06-05 21:05:15 +02:00
parent f65265b4a5
commit 57fa221d47
6 changed files with 106 additions and 120 deletions
--- a/routes/contacts.py
+++ b/routes/contacts.py
@@ -98,95 +98,61 @@ def new_contact():
    form = UserForm()
    total_admins = User.query.filter_by(is_admin=True).count()
    if request.method == 'GET':
-        form.is_admin.data = False  # Ensure admin role is unchecked by default
-        form.is_manager.data = False  # Ensure manager role is unchecked by default
+        form.role.data = 'user'  # Default to standard user
    elif request.method == 'POST':
-        if 'is_admin' not in request.form:
-            form.is_admin.data = False
-        if 'is_manager' not in request.form:
-            form.is_manager.data = False
+        if form.validate_on_submit():
+            # Check if a user with this email already exists
+            existing_user = User.query.filter_by(email=form.email.data).first()
+            if existing_user:
+                flash('A user with this email already exists.', 'error')
+                return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)
+            
+            # Handle profile picture upload
+            profile_picture = None
+            file = request.files.get('profile_picture')
+            if file and file.filename:
+                filename = secure_filename(file.filename)
+                file_path = os.path.join(UPLOAD_FOLDER, filename)
+                file.save(file_path)
+                profile_picture = filename

-    if form.validate_on_submit():
-        # Check if a user with this email already exists
-        existing_user = User.query.filter_by(email=form.email.data).first()
-        if existing_user:
-            flash('A user with this email already exists.', 'error')
-            return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)
-        
-        # Handle profile picture upload
-        profile_picture = None
-        file = request.files.get('profile_picture')
-        if file and file.filename:
-            filename = secure_filename(file.filename)
-            file_path = os.path.join(UPLOAD_FOLDER, filename)
-            file.save(file_path)
-            profile_picture = filename
+            # Generate a random password
+            alphabet = string.ascii_letters + string.digits + string.punctuation
+            random_password = ''.join(secrets.choice(alphabet) for _ in range(32))

-        # Generate a random password
-        alphabet = string.ascii_letters + string.digits + string.punctuation
-        random_password = ''.join(secrets.choice(alphabet) for _ in range(32))
+            # Create new user
+            user = User(
+                username=form.first_name.data,
+                last_name=form.last_name.data,
+                email=form.email.data,
+                phone=form.phone.data,
+                company=form.company.data,
+                position=form.position.data,
+                notes=form.notes.data,
+                is_admin=(form.role.data == 'admin'),
+                is_manager=(form.role.data == 'manager'),
+                profile_picture=profile_picture
+            )
+            user.set_password(random_password)
+            db.session.add(user)

-        # Create new user account
-        user = User(
-            username=form.first_name.data,
-            last_name=form.last_name.data,
-            email=form.email.data,
-            phone=form.phone.data,
-            company=form.company.data,
-            position=form.position.data,
-            notes=form.notes.data,
-            is_active=True,  # Set default value
-            is_admin=form.is_admin.data,
-            is_manager=form.is_manager.data,
-            profile_picture=profile_picture
-        )
-        user.set_password(random_password)
-        db.session.add(user)
-        db.session.commit()
+            # Log user creation event
+            log_event(
+                event_type='user_create',
+                details={
+                    'created_by': current_user.id,
+                    'created_by_name': f"{current_user.username} {current_user.last_name}",
+                    'user_id': user.id,
+                    'user_name': f"{user.username} {user.last_name}",
+                    'email': user.email,
+                    'role': form.role.data,
+                    'method': 'admin_creation'
+                }
+            )
+            db.session.commit()

-        # Create password setup token
-        token = secrets.token_urlsafe(32)
-        setup_token = PasswordSetupToken(
-            user_id=user.id,
-            token=token,
-            expires_at=datetime.utcnow() + timedelta(hours=24)
-        )
-        db.session.add(setup_token)
-        db.session.commit()
-
-        # Create notification for the new user
-        create_notification(
-            notif_type='account_created',
-            user_id=user.id,
-            sender_id=current_user.id,  # Admin who created the account
-            details={
-                'message': 'Your DocuPulse account has been created by an administrator.',
-                'username': user.username,
-                'email': user.email,
-                'created_by': f"{current_user.username} {current_user.last_name}",
-                'timestamp': datetime.utcnow().isoformat(),
-                'setup_link': url_for('auth.setup_password', token=token, _external=True)
-            }
-        )
-
-        # Log user creation event
-        log_event(
-            event_type='user_create',
-            details={
-                'created_by': current_user.id,
-                'created_by_name': f"{current_user.username} {current_user.last_name}",
-                'user_id': user.id,
-                'user_name': f"{user.username} {user.last_name}",
-                'email': user.email,
-                'is_admin': user.is_admin,
-                'is_manager': user.is_manager,
-                'method': 'admin_creation'
-            }
-        )
-        db.session.commit()
-
-        flash('User created successfully! They will receive an email with a link to set up their password.', 'success')
-        return redirect(url_for('contacts.contacts_list'))
+            flash('User created successfully! They will receive an email with a link to set up their password.', 'success')
+            return redirect(url_for('contacts.contacts_list'))
    return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)

@contacts_bp.route('/profile/edit', methods=['GET', 'POST'])
@@ -287,7 +253,13 @@ def edit_contact(id):
        form.company.data = user.company
        form.position.data = user.position
        form.notes.data = user.notes
-        form.is_admin.data = user.is_admin
+        # Set role based on current permissions
+        if user.is_admin:
+            form.role.data = 'admin'
+        elif user.is_manager:
+            form.role.data = 'manager'
+        else:
+            form.role.data = 'user'
    if form.validate_on_submit():
        # Handle profile picture removal
        if 'remove_picture' in request.form:
@@ -315,9 +287,10 @@ def edit_contact(id):
            user.profile_picture = filename

        # Prevent removing admin from the last admin
-        if not form.is_admin.data and user.is_admin and total_admins <= 1:
+        if form.role.data != 'admin' and user.is_admin and total_admins <= 1:
            flash('There must be at least one admin user in the system.', 'error')
            return render_template('contacts/form.html', form=form, title='Edit User', total_admins=total_admins, user=user)
+
        # Check if the new email is already used by another user
        if form.email.data != user.email:
            existing_user = User.query.filter_by(email=form.email.data).first()
@@ -332,7 +305,7 @@ def edit_contact(id):
            'phone': user.phone,
            'company': user.company,
            'position': user.position,
-            'is_admin': user.is_admin
+            'role': 'admin' if user.is_admin else 'manager' if user.is_manager else 'user'
        }

        user.username = form.first_name.data
@@ -342,7 +315,8 @@ def edit_contact(id):
        user.company = form.company.data
        user.position = form.position.data
        user.notes = form.notes.data
-        user.is_admin = form.is_admin.data
+        user.is_admin = (form.role.data == 'admin')
+        user.is_manager = (form.role.data == 'manager')

        # Set password if provided
        password_changed = False
@@ -366,6 +340,7 @@ def edit_contact(id):
                    'phone': user.phone,
                    'company': user.company,
                    'position': user.position,
+                    'role': form.role.data,
                    'password_changed': password_changed
                },
                'timestamp': datetime.utcnow().isoformat()
@@ -387,7 +362,7 @@ def edit_contact(id):
                    'phone': user.phone,
                    'company': user.company,
                    'position': user.position,
-                    'is_admin': user.is_admin
+                    'role': form.role.data
                },
                'password_changed': password_changed,
                'method': 'admin_update'