Beispiel #1
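def stafflist_get():
    """Render the staff list page for a logged-in admin or staff user.

    Anonymous visitors are redirected to ``/login``. A logged-in user whose
    role is not ``admin`` or ``staff`` gets the "No authority" page.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    # Allow-list rather than rejecting only 'parent': a missing or unexpected
    # role value must not fall through as authorised. Staff keep the access
    # they had before, although the message below mentions admin only.
    if _role not in ('admin', 'staff'):
        return '<h1>No authority!</h1><p>Login as admin please.</p>'
    return render_template('stafflist.html', loggeduser=_un)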
Beispiel #2
def pg_parent_get():
    """Render the parent landing page with the status of the parent's child.

    Anonymous visitors, and requests whose ``secret_key`` cookie is missing
    or not present in ``gv.logged``, are redirected to ``/login``. Admin and
    staff users are redirected to ``/admin``.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')

    # Admin and staff have their own landing page.
    if role in ('admin', 'staff'):
        return redirect('/admin')

    # The session entry is keyed by the secret_key cookie; a cookie that does
    # not map to a live entry is treated like "not logged in".
    session_key = request.cookies.get("secret_key", type=str)
    if session_key is None or session_key not in gv.logged:
        return redirect('/login')

    parent_id = gv.logged[session_key]['id']
    child_status = get_child_status_by_pid(parent_id, session_key)

    # 'send' works as a one-shot flag: it is cleared here, so the secret is
    # handed to the template only on the first render after it was set.
    one_time_secret = None
    entry = gv.logged[session_key]
    if 'send' in entry and entry['send']:
        del entry['send']
        one_time_secret = entry['secret']

    return render_template('index_parent.html',
                           status=child_status,
                           loggeduser=username,
                           secret=one_time_secret)
Beispiel #3
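def addstaff_get():
    """Render the "add staff" form for a logged-in admin.

    Anonymous visitors are redirected to ``/login``. Any other logged-in
    user gets the "No authority" page.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    # Allow-list: the original rejected only 'parent' and 'staff', so any
    # other role value (missing, unexpected, mis-cased) was treated as admin.
    if _role != 'admin':
        return '<h1>No authority!</h1><p>Parent can not add parent account, login as admin please.</p>'
    return render_template('addstaff.html', loggeduser=_un)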
Beispiel #4
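def alterstaff_get():
    """Render the "alter staff" form for a logged-in admin.

    Anonymous visitors are redirected to ``/login``. Any other logged-in
    user gets the "No authority" page. The ``id`` query parameter is passed
    to the template unchanged and may be ``None``.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    # Allow-list: the original rejected only 'parent' and 'staff', so any
    # other role value (missing, unexpected, mis-cased) was treated as admin.
    if _role != 'admin':
        return '<h1>No authority!</h1><p>Login as admin please.</p>'
    # NOTE(review): `id` is request-controlled and is not validated here;
    # the template and whatever endpoint it submits to must treat it as
    # untrusted - confirm.
    _id = request.args.get('id')
    return render_template('alterstaff.html', loggeduser=_un, id=_id)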
Beispiel #5
def childinfo_get():
    """Render ``infopage.html`` in ``childinfo`` mode for the ``?id=`` value.

    Aborts with 404 when the ``id`` query parameter is absent.
    """
    child_id = request.args.get('id')
    if child_id is None:
        abort(404)
    # NOTE(review): there is no login or role check in this view, and the id
    # comes straight from the query string. Presumably the data endpoint
    # behind the template decides whether this user may see this child -
    # confirm, otherwise ids can be enumerated.
    username, _ = loggeduser(request)
    return render_template('infopage.html',
                           role='childinfo',
                           uid=child_id,
                           loggeduser=username)
Beispiel #6
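def error(e):
    """Render ``error.html`` for an exception or HTTP error object.

    The numeric code shown on the page is taken from ``e.code``; when that
    attribute is missing or not convertible to ``int`` the page shows 500.
    """
    app.logger.debug("error occurred: %s", e)
    _un, _role = loggeduser(request)
    # The original rendered the template in both `try` and `finally`, so the
    # `finally` return always won, and after a failure `except ... as e` had
    # already unbound `e`, which made the handler itself crash. Resolve the
    # code once and render once instead.
    try:
        _code = int(getattr(e, 'code', None))
    except (TypeError, ValueError):
        _code = 500
    # NOTE(review): the body is returned without an explicit status, so the
    # response presumably goes out as 200 - confirm how this is registered.
    return render_template('error.html', code=_code, loggeduser=_un)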
Beispiel #7
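def addstatus_get():
    """Render the "add status" form for a logged-in admin or staff user.

    Anonymous visitors are redirected to ``/login``. Other logged-in users
    get the "No authority" page. Aborts with 404 when the ``type`` query
    parameter is absent.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    # Allow-list rather than rejecting only 'parent', so an unexpected or
    # missing role value is refused instead of being treated as staff.
    if _role not in ('admin', 'staff'):
        return '<h1>No authority!</h1><p>Login as admin or staff please.</p>'
    _type = request.args.get('type')
    if _type is None:
        abort(404)
    # NOTE(review): `type` is request-controlled and passed through as-is;
    # the template must not use it outside an auto-escaped context - confirm.
    return render_template('addstatus.html', type=_type, loggeduser=_un)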
Beispiel #8
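def userinfo_get():
    """Render ``infopage.html`` for the logged-in user's own record.

    The user id and the page mode (``<role>info``) are read from the session
    entry in ``gv.logged``, not from the request. Anonymous visitors, and
    requests whose ``secret_key`` cookie does not map to a session entry,
    are redirected to ``/login``.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    _sk = request.cookies.get("secret_key", type=str)
    # Same guard as pg_parent_get: without it a missing or stale cookie
    # raises KeyError on the lookup below and surfaces as a server error.
    if _sk is None or _sk not in gv.logged:
        return redirect('/login')
    _entry = gv.logged[_sk]
    _uid = _entry['id']
    _role = _entry['role'].lower() + 'info'
    return render_template('infopage.html',
                           loggeduser=_un,
                           uid=_uid,
                           role=_role)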
Beispiel #9
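def pg_admin_get():
    """Render the admin/staff landing page.

    Anonymous visitors, users whose role is neither ``admin`` nor ``staff``,
    and requests whose ``secret_key`` cookie does not map to a session entry
    are all redirected to ``/login``.
    """
    _sk = request.cookies.get("secret_key", type=str)
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    if _role not in ('admin', 'staff'):
        return redirect('/login')
    # Same guard as pg_parent_get: the lookups below index gv.logged with the
    # cookie value, so a missing or stale cookie must not reach them.
    if _sk is None or _sk not in gv.logged:
        return redirect('/login')
    _entry = gv.logged[_sk]
    # 'send' works as a one-shot flag: it is cleared here, so the secret is
    # handed to the template only on the first render after it was set.
    _s = None
    if 'send' in _entry and _entry['send']:
        del _entry['send']
        _s = _entry['secret']
    return render_template('index_admin.html',
                           loggeduser=_un,
                           role=_role,
                           secret=_s)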
Beispiel #10
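def logoutpage():
    """Drop the caller's server-side session entry and redirect to ``/``."""
    _un, _role = loggeduser(request)
    if _un is not None:
        _sk = request.cookies.get("secret_key", type=str)
        # Tolerate a missing or already-removed entry instead of raising
        # KeyError, so a repeated logout still ends with the redirect.
        if _sk is not None and _sk in gv.logged:
            del gv.logged[_sk]
    # NOTE(review): only the server-side entry is removed. The username,
    # secret_key and token cookies stay in the browser until they expire -
    # confirm whether they should be cleared on the response as well.
    return redirect("/")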
Beispiel #11
def file_get():
    """Render ``file.html`` for the file named by the ``id`` query parameter.

    Aborts with 404 when ``id`` is absent.
    """
    file_id = request.args.get('id')
    if file_id is None:
        abort(404)
    # NOTE(review): no login or role check here and the id is taken from the
    # query string as-is. Presumably the endpoint that serves the file
    # content enforces access per user - confirm.
    username, _ = loggeduser(request)
    return render_template('file.html', fid=file_id, loggeduser=username)
Beispiel #12
def filelist_get():
    """Render ``filelist.html``, passing the current username to the template."""
    # NOTE(review): rendered for anonymous visitors too (username may be
    # None); confirm the listing data itself is served behind an auth check.
    username, _ = loggeduser(request)
    return render_template('filelist.html', loggeduser=username)
Beispiel #13
def alterchild_get():
    """Render the "alter child" form for the ``id`` query parameter.

    Aborts with 404 when ``id`` is absent.
    """
    child_id = request.args.get('id')
    if child_id is None:
        abort(404)
    # NOTE(review): unlike alterstaff_get, this view checks neither login nor
    # role before showing an edit form; confirm the write endpoint behind it
    # enforces who may modify which child.
    username, _ = loggeduser(request)
    return render_template('alterchild.html', cid=child_id, loggeduser=username)
Beispiel #14
def addchild_get():
    """Render ``addchild.html``, passing the current username to the template."""
    # NOTE(review): unlike addstaff_get, no login or role check is made
    # before the form is shown; confirm the create endpoint enforces it.
    username, _ = loggeduser(request)
    return render_template('addchild.html', loggeduser=username)
Beispiel #15
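def about():
    """Render ``about.html`` with the username and the ``<role>info`` page name.

    ``infopg`` is ``None`` when no role is available for the request.
    """
    _un, _role = loggeduser(request)
    # Other views treat a None username as "not logged in"; the role is
    # presumably None in that case too, and calling .lower() on it would turn
    # an anonymous visit into a server error.
    _infopg = _role.lower() + 'info' if _role is not None else None
    return render_template('about.html', loggeduser=_un, infopg=_infopg)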
Beispiel #16
def upfile():
    """Render ``upfile.html``, passing the current username to the template."""
    # NOTE(review): the upload form is rendered without a login or role
    # check; confirm the endpoint that receives the upload authenticates the
    # caller and validates the file.
    username, _ = loggeduser(request)
    return render_template('upfile.html', loggeduser=username)
Beispiel #17
def resetpw_get():
    """Render ``resetpw.html``, passing the current username to the template."""
    # NOTE(review): no login check here. Whether the reset is bound to the
    # logged-in account is decided by the endpoint that handles the form,
    # which is not visible in this view - confirm.
    username, _ = loggeduser(request)
    return render_template('resetpw.html', loggeduser=username)
Beispiel #18
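def login_page():
    """Show the login form (GET) or process a login attempt (POST).

    POST: calls ``login()`` and branches on its ``code``. On ``0`` (success)
    the user is redirected to ``admin`` or ``parent`` according to the role
    stored in ``gv.logged`` and the session cookies are set. On ``30``
    (already logged in) the user is redirected to ``next_url`` if it is a
    same-site path, else to ``/``. On any other code the form is rendered
    again with the error message and a fresh secret.

    GET: a logged-in user is redirected to their landing page; anyone else
    gets the login form with a fresh secret.
    """
    # next_url comes from the form first, then from the query string.
    next_url = request.form.get('next_url')
    if next_url is None:
        next_url = request.args.get('next_url')
    nu2 = "/"
    if next_url is not None:
        _candidate = parse.unquote(next_url)
        # next_url is request-controlled and ends up in redirect() below, so
        # only a same-site absolute path is accepted. Anything that could
        # name another host (a scheme, "//host", backslash variants, control
        # characters) falls back to "/". The check runs on the decoded value
        # because that is what gets redirected to.
        if (_candidate.startswith('/')
                and not _candidate.startswith('//')
                and '\\' not in _candidate
                and not any(ord(_c) < 0x20 for _c in _candidate)):
            nu2 = _candidate
    # login
    if request.method == 'POST':
        _sk = request.form.get('secret_key', type=str)
        _loginres = login()
        if _loginres['code'] == 0:
            # Login succeeded: the landing page is chosen from the role in
            # the session entry, not from next_url.
            _role = gv.logged[_sk]['role']
            if _role == 'admin' or _role == 'staff':
                nu2 = 'admin'
            else:
                nu2 = 'parent'
            resp = redirect(nu2 or "/")
            # NOTE(review): these cookies identify the session and are set
            # without httponly / secure / samesite. Whether client-side
            # script has to read them is not visible here - confirm, and
            # tighten the attributes accordingly.
            resp.set_cookie('username',
                            gv.logged[_sk]['un'].encode("utf-8", "ignore"),
                            max_age=259200)
            resp.set_cookie('secret_key',
                            _sk.encode("utf-8", "ignore"),
                            max_age=259200)
            resp.set_cookie('token',
                            gv.logged[_sk]['token'].encode("utf-8", "ignore"),
                            max_age=259200)
            # One-shot flag consumed by the landing pages.
            gv.logged[_sk]['send'] = True
            return resp
        elif _loginres['code'] == 30:
            # Already logged in: discard the pending secret for this key.
            if _sk in gv.secrets:
                del gv.secrets[_sk]
            return redirect(nu2 or "/")
        else:
            # Login failed: discard the used secret and issue a new one.
            if _sk in gv.secrets:
                del gv.secrets[_sk]
            _sec = get_secret()
            return render_template("login.html",
                                   next_url=next_url,
                                   secret=_sec['data'][0],
                                   errormsg=_loginres["msg"])
    # GET
    _un, _role = loggeduser(request)
    if _un is not None:
        if _role in ['admin', 'staff']:
            return redirect('admin')
        if _role == 'parent':
            return redirect('parent')
        return redirect('about')
    _sec = get_secret()
    return render_template('login.html',
                           next_url=next_url,
                           secret=_sec['data'][0])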