Bugfix sort books list and user list

Prevent transferring password hash to client

cps/admin.py

@@ -37,7 +37,7 @@ from flask_babel import gettext as _
 from sqlalchemy import and_
 from sqlalchemy.orm.attributes import flag_modified
 from sqlalchemy.exc import IntegrityError, OperationalError, InvalidRequestError
-from sqlalchemy.sql.expression import func, or_
+from sqlalchemy.sql.expression import func, or_, text
 
 from . import constants, logger, helper, services
 from .cli import filepicker
@@ -244,6 +244,13 @@ def list_users():
     off = request.args.get("offset") or 0
     limit = request.args.get("limit") or 10
     search = request.args.get("search")
+    sort = request.args.get("sort")
+    order = request.args.get("order")
+    if sort and order:
+        order = text(sort + " " + order)
+    else:
+        order = ub.User.name.desc()
+
     all_user = ub.session.query(ub.User)
     if not config.config_anonbrowse:
         all_user = all_user.filter(ub.User.role.op('&')(constants.ROLE_ANONYMOUS) != constants.ROLE_ANONYMOUS)
@@ -252,10 +259,10 @@ def list_users():
         users = all_user.filter(or_(func.lower(ub.User.name).ilike("%" + search + "%"),
                                     func.lower(ub.User.kindle_mail).ilike("%" + search + "%"),
                                     func.lower(ub.User.email).ilike("%" + search + "%")))\
-            .offset(off).limit(limit).all()
+            .order_by(order).offset(off).limit(limit).all()
         filtered_count = len(users)
     else:
-        users = all_user.offset(off).limit(limit).all()
+        users = all_user.order_by(order).offset(off).limit(limit).all()
         filtered_count = total_count
 
     for user in users:

cps/config_sql.py

@@ -24,7 +24,7 @@ import sys
 from sqlalchemy import exc, Column, String, Integer, SmallInteger, Boolean, BLOB, JSON
 from sqlalchemy.exc import OperationalError
 try:
-    # Compability with sqlalchemy 2.0
+    # Compatibility with sqlalchemy 2.0
     from sqlalchemy.orm import declarative_base
 except ImportError:
     from sqlalchemy.ext.declarative import declarative_base

cps/db.py

@@ -33,7 +33,7 @@ from sqlalchemy.orm.collections import InstrumentedList
 from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.exc import OperationalError
 try:
-    # Compability with sqlalchemy 2.0
+    # Compatibility with sqlalchemy 2.0
     from sqlalchemy.orm import declarative_base
 except ImportError:
     from sqlalchemy.ext.declarative import declarative_base
@@ -393,7 +393,7 @@ class AlchemyEncoder(json.JSONEncoder):
         if isinstance(o.__class__, DeclarativeMeta):
             # an SQLAlchemy class
             fields = {}
-            for field in [x for x in dir(o) if not x.startswith('_') and x != 'metadata']:
+            for field in [x for x in dir(o) if not x.startswith('_') and x != 'metadata' and x!="password"]:
                 if field == 'books':
                     continue
                 data = o.__getattribute__(field)

cps/gdriveutils.py

@@ -29,7 +29,7 @@ from sqlalchemy import Column, UniqueConstraint
 from sqlalchemy import String, Integer
 from sqlalchemy.orm import sessionmaker, scoped_session
 try:
-    # Compability with sqlalchemy 2.0
+    # Compatibility with sqlalchemy 2.0
     from sqlalchemy.orm import declarative_base
 except ImportError:
     from sqlalchemy.ext.declarative import declarative_base

cps/static/js/table.js

@@ -460,8 +460,7 @@ $(function() {
             $("input[data-name='passwd_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
             $("input[data-name='edit_shelf_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
             $("input[data-name='sidebar_read_and_unread'][data-pk='"+guest.data("pk")+"']").prop("disabled", true);
-            // ToDo: Disable delete
-
+            $(".user-remove[data-pk='"+guest.data("pk")+"']").prop("disabled", true);
         },
 
         // eslint-disable-next-line no-unused-vars
@@ -604,7 +603,7 @@ function EbookActions (value, row) {
 /* Function for deleting books */
 function UserActions (value, row) {
     return [
-        "<div class=\"user-remove\" data-target=\"#GeneralDeleteModal\" title=\"Remove\">",
+        "<div class=\"user-remove\" data-pk=\"" + row.id + "\" data-target=\"#GeneralDeleteModal\" title=\"Remove\">",
         "<i class=\"glyphicon glyphicon-trash\"></i>",
         "</div>"
     ].join("");
@@ -624,9 +623,9 @@ function singleUserFormatter(value, row) {
 
 function checkboxFormatter(value, row, index){
     if(value & this.column)
-        return '<input type="checkbox" class="chk" data-pk="' + row.id + '" data-name="' + this.name + '" checked onchange="checkboxChange(this, ' + row.id + ', \'' + this.field + '\', ' + this.column + ')">';
+        return '<input type="checkbox" class="chk" data-pk="' + row.id + '" data-name="' + this.field + '" checked onchange="checkboxChange(this, ' + row.id + ', \'' + this.name + '\', ' + this.column + ')">';
     else
-        return '<input type="checkbox" class="chk" data-pk="' + row.id + '" data-name="' + this.name + '" onchange="checkboxChange(this, ' + row.id + ', \'' + this.field + '\', ' + this.column + ')">';
+        return '<input type="checkbox" class="chk" data-pk="' + row.id + '" data-name="' + this.field + '" onchange="checkboxChange(this, ' + row.id + ', \'' + this.name + '\', ' + this.column + ')">';
 }
 
 function checkboxChange(checkbox, userId, field, field_index) {
@@ -733,6 +732,11 @@ function user_handle (userId) {
     });
 }
 
+function checkboxSorter(a, b, c, d)
+{
+    return a - b
+}
+
 function test(){
     console.log("hello");
 }

cps/ub.py

@@ -44,7 +44,7 @@ from sqlalchemy import String, Integer, SmallInteger, Boolean, DateTime, Float,
 from sqlalchemy.orm.attributes import flag_modified
 from sqlalchemy.sql.expression import func
 try:
-    # Compability with sqlalchemy 2.0
+    # Compatibility with sqlalchemy 2.0
     from sqlalchemy.orm import declarative_base
 except ImportError:
     from sqlalchemy.ext.declarative import declarative_base

cps/web.py

@@ -755,11 +755,12 @@ def books_table():
 def list_books():
     off = request.args.get("offset") or 0
     limit = request.args.get("limit") or config.config_books_per_page
-    # sort = request.args.get("sort")
-    if request.args.get("order") == 'desc':
-        order = [db.Books.timestamp.desc()]
+    sort = request.args.get("sort")
+    order = request.args.get("order")
+    if sort and order:
+        order = [text(sort + " " + order)]
     else:
-        order = [db.Books.timestamp.asc()]
+        order = [db.Books.timestamp.desc()]
     search = request.args.get("search")
     total_count = calibre_db.session.query(db.Books).count()
     if search: