add routes related to user profile and password update: /api/user/change-password and /me

pod/pod/controllers/api.py

@@ -29,6 +29,7 @@ from pod import model as pm
 from pod.lib.auth import can_read, can_write
 
 from pod.controllers import apimenu as pcam
+from pod.controllers import apiuserprofile as pcaum
 
 
 FIXME_ERROR_CODE=-1
@@ -40,6 +41,7 @@ class PODApiController(BaseController):
     allow_only = tgp.in_group('user', msg=l_('You need to login in order to access this ressource'))
 
     menu = pcam.PODApiMenuController()
+    user = pcaum.PODApiUserProfileController()
 
     def on_off_to_boolean(self, on_or_off):
         return True if on_or_off=='on' else False

pod/pod/controllers/apiuserprofile.py

@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+
+import tg
+from tg.i18n import ugettext as _, lazy_ugettext as l_
+
+from pod.lib import base as plb
+from pod.lib import dbapi as pld
+import pod.model as pm
+
+class PODApiUserProfileController(plb.BaseController):
+
+    @tg.expose()
+    def change_password(self, current_password, new_password1, new_password2):
+        current_user = pld.PODStaticController.getCurrentUser()
+
+        redirect_url = tg.lurl('/me')
+        if not current_password or not new_password1 or not new_password2:
+            tg.flash(_('Empty password is not allowed.'))
+            tg.redirect(redirect_url)
+
+        if current_user.validate_password(current_password) is False:
+            tg.flash(_('The current password you typed is wrong'))
+            tg.redirect(redirect_url)
+        # else:
+        if new_password1!=new_password2:
+            tg.flash(_('The current password you typed is wrong'))
+            tg.redirect(redirect_url)
+        # else:
+        current_user.password = new_password1
+        pm.DBSession.flush()
+
+        tg.flash(_('The password has been successfully changed'))
+        tg.redirect(redirect_url)

pod/pod/controllers/root.py

@@ -176,3 +176,9 @@ class RootController(BaseController):
         return dict()
 
 
+    @expose('pod.templates.user_profile')
+    @require(predicates.in_group('user', msg=l_('Please login to access this page')))
+    def me(self):
+        """Handle the about-page."""
+        me = pld.PODStaticController.getCurrentUser()
+        return dict(current_user = me)

pod/pod/templates/master.mak

@@ -194,12 +194,9 @@ ${self.toggle_view_mode()}
               <li class="dropdown">
                 <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> ${request.identity['user'].display_name}</a>
                 <ul class="dropdown-menu pull-right">
-                  <li class="text-center">
-                    <fieldset>
-                      <legend><i class="fa fa-key"></i> Logout</legend>
-                      <a class="btn btn-danger" href="${tg.url('/logout_handler')}">Logout <i class="fa fa-power-off"></i> </a>
-                    </fieldset>
-                    <p></p>
+                    <li><a href="${tg.url('/me')}"><i class="fa fa-user"></i> My profile</a></li>
+                    <li class="divider"></li>
+                    <li><a href="${tg.url('/logout_handler')}"><i class="fa fa-power-off"></i> Logout</a></li>
                  </ul>
               </li>
             % endif

pod/pod/templates/user_profile.mak

@@ -0,0 +1,80 @@
+<%inherit file="local:templates.master"/>
+<%namespace name="POD" file="pod.templates.pod"/>
+
+<%def name="title()">
+pod :: your dashboard
+</%def>
+
+  <div class="row">
+      <div class="span6">
+          ## USER PROFILE PANEL
+          <div id='user-profile'>
+              <h3>${_("My Profile")}</h3>
+              <form class="form-horizontal">
+                  <div class="control-group">
+                      <label class="control-label" for="displayName">${_('Visible Name')}</label>
+                      <div class="controls">                        
+                          <div class="input-prepend">
+                              <span class="add-on"><i class="fa fa-user"></i></span>
+                              <input id="displayName" type="text" readonly="readonly" placeholder="Name" value="${current_user.display_name}">
+                        </div>
+                      </div>
+                  </div>
+
+                  <div class="control-group">
+                      <label class="control-label" for="emailAddress">${_('Email Address')}</label>
+                      <div class="controls">                        
+                          <div class="input-prepend">
+                              <span class="add-on"><i class="fa fa-envelope-o"></i></span>
+                              <input id="emailAddress" type="text" readonly="readonly" placeholder="Email Address" value="${current_user.email_address}">
+                        </div>
+                      </div>
+                  </div>
+
+                  <div class="control-group">
+                      <label class="control-label" for="displayName">${_('Groups')}</label>
+                      <div class="controls">
+                          % for group in current_user.groups:
+                            <span class="label">${group.getDisplayName()}</span>
+                          % endfor
+                      </div>
+                  </div>
+              </form>
+          </div>
+      </div>
+
+      <div class="span6">
+          <div id='user-password-change' class="well">
+              <p class="text-center"><b>${_('I want to change my password...')}</b></p>
+              <form class="form-horizontal" method="POST" action="${tg.url('/api/user/change-password')}">
+                  <div class="control-group">
+                      <label class="control-label" for="currentPassword">${_('Current Password')}</label>
+                      <div class="controls">
+                          <input type="password" id="currentPassword" name="current_password" placeholder="${_('Current Password')}">
+                      </div>
+                  </div>
+                  <div class="control-group">
+                      <label class="control-label" for="newPassword1">${_('New Password')}</label>
+                      <div class="controls">
+                          <input type="password" id="newPassword1" name="new_password1" placeholder="${_('New Password')}">
+                      </div>
+                  </div>
+                  <div class="control-group">
+                      <label class="control-label" for="newPassword2">${_('Retype New Password')}</label>
+                      <div class="controls">
+                          <input type="password" id="newPassword2" name="new_password2" placeholder="${_('Retype New Password')}">
+                      </div>
+                  </div>
+
+                  <div class="control-group">
+                      <div class="controls">
+                          <button type="submit" class="btn btn-success"><i class="fa fa-check"></i> ${_('Save changes')}</button>
+                      </div>
+                  </div>
+              </form>
+    
+            ## WHAT'S HOT PANEL [END]
+          </div>
+      </div>
+  </div>
+