=============================================== How to give user ability to change the password =============================================== First we create a "Change password" item. While creating it we set the "Virtual table" and "Visible" attributes to false in the :doc:`Item Editor Dialog `. And we add to it two fields: "Old password", "New password" We'll use this item for displaying "Change password" dialog. To open this dialog we add a "Change password" menu item with id "pass" in the index.html: .. code-block:: html
and in the task client module :doc:`on_page_loaded ` event handler add the following code: .. code-block:: js if (task.change_password.can_view()) { $("#menu-right #pass a").click(function(e) { e.preventDefault(); task.change_password.open({open_empty: true}); task.change_password.append_record(); }); } else { $("#menu-right #pass a").hide(); } It will check if the user has the right to view item and then opens an empty dataset and creates an edit form, otherwise it hides this menu item. In the "Change password" client module we add the following code: .. code-block:: js function on_edit_form_created(item) { item.edit_form.find("#ok-btn") .off('click.task') .on('click', function() { change_password(item); }); item.edit_form.find("#cancel-btn") .off('click.task') .on('click', function() { item.close_edit_form(); }); } function change_password(item) { item.post(); item.server('change_password', [item.old_password.value, item.new_password.value], function(res) { if (res) { item.warning('Password has been changed.
The application will be reloaded.', function() { task.logout(); location.reload(); }); } else { item.alert_error("Can't change the password."); item.edit(); } }); } function on_field_changed(field, lookup_item) { var item = field.owner; if (field.field_name === 'old_password') { item.server('check_old_password', [field.value], function(error) { if (error) { item.alert_error(error); } }); } } function on_edit_form_close_query(item) { return true; } In it we reassign **OK** and **Cancel** button click events. By default they are defined in the task client module to save record changes to the database and cancel editing. In the ``on_edit_form_close_query`` even handler we return true so the ``on_edit_form_close_query`` declared in the task client module, that shows "Yes No Cancel" disalog won't be executed. The ``on_field_changed`` event handler will check if old password is correct. It and the ``change_password`` function send requests to the server to execute functions defined in the item server module: .. code-block:: py def change_password(item, old_password, new_password): user_id = item.session['user_info']['user_id'] users = item.task.users.copy(handlers=False) users.set_where(id=user_id) users.open() same_password = item.task.check_password_hash(users.password_hash.value, old_password) if users.rec_count== 1 and same_password: users.edit() users.password_hash.value = item.task.generate_password_hash(new_password) users.post() users.apply() return True else: return False def check_old_password(item, old_password): user_id = item.session['user_info']['user_id'] users = item.task.users.copy(handlers=False) users.set_where(id=user_id) users.open() same_password = item.task.check_password_hash(users.password_hash.value, old_password) if users.rec_count == 1 and same_password: return else: return 'Invalid password' They use session to get id of the current user. After changing the password the client reloads.