1
0
mirror of https://github.com/janeczku/calibre-web synced 2025-10-24 03:47:40 +00:00

fix change name allowd as non admin

This commit is contained in:
Ozzie Isaacs
2021-07-23 19:34:46 +02:00
parent 20fa9f5523
commit 3c8bfc31e4
2 changed files with 37 additions and 36 deletions

View File

@@ -67,15 +67,14 @@
</div>
{% endif %}
<div class="col-sm-6">
{% for element in sidebar %}
{% if element['config_show'] %}
<div class="form-group">
<input type="checkbox" name="show_{{element['visibility']}}" id="show_{{element['visibility']}}" {% if content.check_visibility(element['visibility']) %}checked{% endif %}>
<label for="show_{{element['visibility']}}">{{element['show_text']}}</label>
</div>
{% endif %}
{% endfor %}
{% for element in sidebar %}
{% if element['config_show'] %}
<div class="form-group">
<input type="checkbox" name="show_{{element['visibility']}}" id="show_{{element['visibility']}}" {% if content.check_visibility(element['visibility']) %}checked{% endif %}>
<label for="show_{{element['visibility']}}">{{element['show_text']}}</label>
</div>
{% endif %}
{% endfor %}
<div class="form-group">
<input type="checkbox" name="Show_detail_random" id="Show_detail_random" {% if content.show_detail_random() %}checked{% endif %}>
<label for="Show_detail_random">{{_('Show Random Books in Detail View')}}</label>
@@ -84,6 +83,7 @@
<a href="#" id="get_user_tags" class="btn btn-default" data-id="{{content.id}}" data-toggle="modal" data-target="#restrictModal">{{_('Add Allowed/Denied Tags')}}</a>
<a href="#" id="get_user_column_values" data-id="{{content.id}}" class="btn btn-default" data-toggle="modal" data-target="#restrictModal">{{_('Add allowed/Denied Custom Column Values')}}</a>
{% endif %}
</div>
</div>
<div class="col-sm-6">
{% if g.user and g.user.role_admin() and not profile %}
@@ -131,32 +131,32 @@
</div>
{% endif %}
</div>
<div class="col-sm-12">
<div id="user_submit" class="btn btn-default">{{_('Save')}}</div>
{% if not profile %}
<div class="btn btn-default" data-back="{{ url_for('admin.admin') }}" id="back">{{_('Cancel')}}</div>
{% endif %}
{% if g.user and g.user.role_admin() and not profile and not new_user and not content.role_anonymous() %}
<div class="btn btn-danger" id="btndeluser" data-value="{{ content.id }}" data-remote="false" >{{_('Delete User')}}</div>
{% endif %}
<div class="col-sm-12">
<div id="user_submit" class="btn btn-default">{{_('Save')}}</div>
{% if not profile %}
<div class="btn btn-default" data-back="{{ url_for('admin.admin') }}" id="back">{{_('Cancel')}}</div>
{% endif %}
{% if g.user and g.user.role_admin() and not profile and not new_user and not content.role_anonymous() %}
<div class="btn btn-danger" id="btndeluser" data-value="{{ content.id }}" data-remote="false" >{{_('Delete User')}}</div>
{% endif %}
</div>
</form>
</div>
<div class="modal fade" id="modal_kobo_token" tabindex="-1" role="dialog" aria-labelledby="kobo_tokenModalLabel">
<div class="modal-dialog modal-lg" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="kobo_tokenModalLabel">{{_('Generate Kobo Auth URL')}}</h4>
</div>
<div class="modal-body">...</div>
<div class="modal-footer">
<button type="button" id="kobo_close" class="btn btn-default" data-dismiss="modal">{{_('Close')}}</button>
</div>
</div>
<div class="modal fade" id="modal_kobo_token" tabindex="-1" role="dialog" aria-labelledby="kobo_tokenModalLabel">
<div class="modal-dialog modal-lg" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="kobo_tokenModalLabel">{{_('Generate Kobo Auth URL')}}</h4>
</div>
<div class="modal-body">...</div>
<div class="modal-footer">
<button type="button" id="kobo_close" class="btn btn-default" data-dismiss="modal">{{_('Close')}}</button>
</div>
</div>
</div>
</div>
{% endblock %}
{% block modal %}

View File

@@ -1580,22 +1580,23 @@ def logout():
# ################################### Users own configuration #########################################################
def change_profile(kobo_support, local_oauth_check, oauth_status, translations, languages):
def change_profile(kobo_support, local_oauth_check, oauth_status):
to_save = request.form.to_dict()
current_user.random_books = 0
if current_user.role_passwd() or current_user.role_admin():
if to_save.get("password"):
current_user.password = generate_password_hash(to_save["password"])
try:
if to_save.get("allowed_tags", current_user.allowed_tags) != current_user.allowed_tags:
current_user.allowed_tags = to_save["allowed_tags"].strip()
if to_save.get("kindle_mail", current_user.kindle_mail) != current_user.kindle_mail:
current_user.kindle_mail = valid_email(to_save["kindle_mail"])
if to_save.get("email", current_user.email) != current_user.email:
current_user.email = check_email(to_save["email"])
if to_save.get("name", current_user.name) != current_user.name:
# Query User name, if not existing, change
current_user.name = check_username(to_save["name"])
if current_user.role_admin():
if to_save.get("allowed_tags", current_user.allowed_tags) != current_user.allowed_tags:
current_user.allowed_tags = to_save["allowed_tags"].strip()
if to_save.get("name", current_user.name) != current_user.name:
# Query User name, if not existing, change
current_user.name = check_username(to_save["name"])
current_user.random_books = 1 if to_save.get("show_random") == "on" else 0
if to_save.get("default_language"):
current_user.default_language = to_save["default_language"]
@@ -1646,7 +1647,7 @@ def profile():
local_oauth_check = {}
if request.method == "POST":
change_profile(kobo_support, local_oauth_check, oauth_status, translations, languages)
change_profile(kobo_support, local_oauth_check, oauth_status)
return render_title_template("user_edit.html",
translations=translations,
profile=1,