def get_current_balance_from_user_id(user_id=None, currency_id=None):
    """Return currency rows joined with one user's balance rows.

    Without ``currency_id`` every currency is returned (``fetchall``); with
    it, a single row is returned (``fetchone``). The user filter sits in the
    LEFT JOIN condition, so a currency with no balance row for the user is
    still returned, with the balance columns NULL.

    :param user_id: defaults to the logged-in user's id
    :param currency_id: optional currency id to restrict the lookup to
    :return: a list of rows, or one row when ``currency_id`` is given
    :raise 403: if ``user_id`` is given and differs from ``g.user['id']``
    :raise 404: if the lookup result is ``None``
    """
    # NOTE(review): assumes g.user is set (logged-in request); the login
    # guard is not visible here -- confirm every caller is behind one.
    own_id = g.user['id']
    if user_id is None:
        user_id = own_id
    elif user_id != own_id:
        # Callers may only read their own balances.
        # NOTE(review): a str id taken from a URL or form never equals an
        # int row id, so it would be rejected here -- confirm caller types.
        abort(403)

    base_sql = (
        'SELECT '
        ' c.id as currency_id, title, code, purchase_rate, sale_rate,'
        ' b.id as balance_id, balance, user_id'
        ' FROM currency c'
        ' LEFT JOIN balance b on c.id = b.currency_id'
        ' AND b.user_id = ?'
    )
    db = get_db()
    if currency_id is None:
        balances = db.execute(base_sql, (user_id,)).fetchall()
    else:
        balances = db.execute(
            base_sql + ' WHERE c.id = ?', (user_id, currency_id)
        ).fetchone()

    if balances is None:
        abort(404, "balances for user id {0} doesn't exist.".format(user_id))
    return balances
def create():
    """Create a balance row for the logged-in user from the submitted form.

    GET renders the form. A valid POST inserts the row and redirects to
    ``balance.index``; an invalid POST flashes an error and re-renders.
    """
    if request.method != 'POST':
        return render_template('balance/create.html')

    form = request.form
    balance = form['balance']
    user_id = form['user_id']
    currency_id = form['currency_id']

    # The checks are independent: when several fields are empty, the message
    # of the last failing check is the one that is flashed.
    error = None
    for value, message in (
        (balance, 'Balance is required.'),
        (user_id, 'User is required.'),
        (currency_id, 'Currency is required.'),
    ):
        if not value:
            error = message

    if error is None:
        db = get_db()
        # The owner comes from the session (g.user), not from the submitted
        # user_id, so the client cannot create a balance for another account.
        # NOTE(review): balance is stored exactly as submitted, with no
        # numeric or range check -- confirm users are meant to set it freely.
        db.execute(
            'INSERT INTO balance (balance, user_id, currency_id)'
            ' VALUES (?, ?, ?)',
            (balance, g.user['id'], currency_id)
        )
        db.commit()
        return redirect(url_for('balance.index'))

    flash(error)
    return render_template('balance/create.html')
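def create():
    """Record a transfer (``user_move``) sent by the logged-in user.

    GET renders the form. A valid POST inserts the row and redirects to
    ``user_move.index``; an invalid POST flashes an error and re-renders.

    :raise 403: if the submitted ``sender_id`` is not the logged-in user's id
    """
    if request.method == 'POST':
        amount = request.form['amount']
        comment = request.form['comment']
        sender_id = request.form['sender_id']
        receiver_id = request.form['receiver_id']
        currency_id = request.form['currency_id']
        error = None

        # Independent checks: the last failing one decides the message.
        if not amount:
            error = 'Amount is required.'
        if not sender_id:
            error = 'Sender is required.'
        if not receiver_id:
            error = 'Receiver is required.'
        if not currency_id:
            error = 'Currency is required.'

        if error is not None:
            flash(error)
        else:
            # sender_id is client-controlled. Without this check any user
            # could record a transfer out of another user's account. Form
            # values are strings, so compare as strings.
            # NOTE(review): assumes g.user is set (login guard not visible).
            if str(sender_id) != str(g.user['id']):
                abort(403)

            # NOTE(review): amount is stored as submitted; a negative or
            # non-numeric value is not rejected here -- confirm it is
            # validated elsewhere (for example by a schema constraint).
            db = get_db()
            db.execute(
                'INSERT INTO user_move'
                ' (amount, comment, sender_id, receiver_id, currency_id)'
                ' VALUES (?, ?, ?, ?, ?)',
                (amount, comment, sender_id, receiver_id, currency_id))
            db.commit()
            return redirect(url_for('user_move.index'))

    return render_template('user_move/create.html')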
def create():
    """Create a currency from the submitted form.

    GET renders the form. A valid POST inserts the row and redirects to
    ``currency.index``; an invalid POST flashes the first failing check.
    """
    if request.method != 'POST':
        return render_template('currency/create.html')

    form = request.form
    title = form['title']
    code = form['code']
    purchase_rate = form['purchase_rate']
    sale_rate = form['sale_rate']

    # First empty field wins.
    required = (
        (title, 'Title is required.'),
        (code, 'Code is required.'),
        (purchase_rate, 'Purchase Rate is required.'),
        (sale_rate, 'Sale Rate is required.'),
    )
    error = next((message for value, message in required if not value), None)

    if error is None:
        # NOTE(review): no role or ownership check is visible in this view,
        # and the rates are stored as submitted -- confirm who may create
        # currencies and where the rates are validated.
        db = get_db()
        db.execute(
            'INSERT INTO currency (title, code, purchase_rate, sale_rate)'
            ' VALUES (?, ?, ?, ?)',
            (title, code, purchase_rate, sale_rate))
        db.commit()
        return redirect(url_for('currency.index'))

    flash(error)
    return render_template('currency/create.html')
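def update(id):
    """Update a currency's title, code and rates from the submitted form.

    GET renders the form for the existing row. A valid POST updates the row
    and redirects to ``currency.index``; an invalid POST flashes the first
    failing check and re-renders.

    :param id: id of the currency to update
    """
    # Looked up first so that an unknown id is handled by get_currency.
    currency = get_currency(id)

    if request.method == 'POST':
        title = request.form['title']
        code = request.form['code']
        purchase_rate = request.form['purchase_rate']
        sale_rate = request.form['sale_rate']
        error = None

        if not title:
            error = 'Title is required.'
        elif not code:
            error = 'Code is required.'
        elif not purchase_rate:
            error = 'Purchase Rate is required.'
        elif not sale_rate:
            error = 'Sale Rate is required.'

        if error is not None:
            flash(error)
        else:
            # NOTE(review): no role or ownership check is visible in this
            # view, and the rates are stored as submitted -- confirm who may
            # edit currencies and where the rates are validated.
            db = get_db()
            # Each column needs its own placeholder: five parameters are
            # bound, one per "?".
            db.execute(
                'UPDATE currency'
                ' SET title = ?, code = ?, purchase_rate = ?, sale_rate = ?'
                ' WHERE id = ?',
                (title, code, purchase_rate, sale_rate, id))
            db.commit()
            return redirect(url_for('currency.index'))

    # Pass the row that was loaded above to the template.
    return render_template('currency/update.html', currency=currency)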
def register():
    """Register a new user.

    Rejects an empty username or password and a username that already has a
    row, then stores the username with a hash of the password (never the
    password itself) and redirects to the login page.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()

    error = None
    if not username:
        error = 'Username is required.'
    elif not password:
        error = 'Password is required.'
    else:
        # Only query once both fields are present.
        existing = db.execute('SELECT id FROM user WHERE username = ?',
                              (username, )).fetchone()
        if existing is not None:
            error = 'User {0} is already registered.'.format(username)

    if error is None:
        # NOTE(review): the availability check and the INSERT are separate
        # statements; two concurrent requests for the same name rely on a
        # UNIQUE constraint (schema not visible here) to reject the second.
        db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
                   (username, generate_password_hash(password)))
        db.commit()
        return redirect(url_for('auth.login'))

    flash(error)
    return render_template('auth/register.html')
def delete(id):
    """Delete a balance row and redirect to ``balance.index``.

    :param id: id of the balance to delete
    """
    # Called for its side effects only: with the default check_author,
    # get_balance aborts when the row is missing or owned by another user.
    get_balance(id)

    connection = get_db()
    connection.execute('DELETE FROM balance WHERE id = ?', (id,))
    connection.commit()
    return redirect(url_for('balance.index'))
def index():
    """Render every ``user_move`` row, ordered by ``created`` descending."""
    # The joins on user (sender and receiver) and currency contribute no
    # columns; as inner joins they only drop moves whose referenced rows
    # are missing.
    # NOTE(review): there is no per-user filter, so every user's transfers
    # are rendered -- confirm this view is restricted to a suitable role.
    # NOTE(review): `created` is unqualified although currency (joined as c)
    # is selected with a `created` column elsewhere in this codebase; if
    # user_move has one too, SQLite would reject it as ambiguous -- confirm.
    query = (
        'SELECT'
        ' m.id, amount, comment, currency_id, sender_id, receiver_id, created'
        ' FROM user_move m JOIN user u ON m.sender_id = u.id JOIN user r ON m.receiver_id = r.id JOIN currency c ON m.currency_id = c.id'
        ' ORDER BY created DESC'
    )
    rows = get_db().execute(query).fetchall()
    return render_template('user_move/index.html', user_moves=rows)
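def get_user_move(id):
    """Get a ``user_move`` row by id.

    :param id: id of the user_move to get
    :return: the matching row
    :raise 404: if no user_move with the given id exists
    """
    # NOTE(review): `created` is unqualified although currency (joined as c)
    # is selected with a `created` column elsewhere in this codebase; if
    # user_move has one too, SQLite would reject it as ambiguous -- confirm.
    user_move = get_db().execute(
        'SELECT'
        ' m.id, amount, comment, currency_id, sender_id, receiver_id, created'
        ' FROM user_move m JOIN user u ON m.sender_id = u.id JOIN user r ON m.receiver_id = r.id JOIN currency c ON m.currency_id = c.id'
        ' WHERE m.id = ?', (id, )).fetchone()

    # Fail with a 404 instead of handing None to the update and delete
    # views, which use the result without checking it.
    if user_move is None:
        abort(404, "user_move id {0} doesn't exist.".format(id))

    # NOTE(review): unlike get_balance and get_post there is no ownership
    # check here, so callers act on any user's transfer -- confirm whether
    # sender/receiver should be compared with g.user['id'].
    return user_move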
def index():
    """Render every balance row, newest first."""
    # The joins on user and currency contribute no columns; as inner joins
    # they only drop balances whose user or currency row is missing.
    # NOTE(review): there is no per-user filter, so every user's balances
    # are rendered -- confirm this view is restricted to a suitable role.
    query = (
        'SELECT b.id, balance, user_id, currency_id, b.created'
        ' FROM balance b JOIN user u ON b.user_id = u.id JOIN currency c ON b.currency_id = c.id'
        ' ORDER BY b.created DESC'
    )
    rows = get_db().execute(query).fetchall()
    return render_template('balance/index.html', balances=rows)
def index():
    """Show all posts, most recent first, with the current user's balances."""
    post_query = (
        'SELECT p.id, title, body, p.created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY p.created DESC'
    )
    recent_posts = get_db().execute(post_query).fetchall()

    # NOTE(review): get_current_balance_from_user_id reads g.user['id'];
    # if this page is reachable without a login (guard not visible here),
    # g.user is None and the call raises -- confirm.
    own_balances = get_current_balance_from_user_id()

    return render_template(
        'blog/index.html', posts=recent_posts, balances=own_balances)
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` is ``None`` when the session holds no ``user_id``, and also
    when the stored id no longer matches a row (``fetchone`` returns None).
    """
    stored_id = session.get('user_id')
    if stored_id is not None:
        # SELECT * also loads the password column (the stored hash) into
        # g.user, so the row should not be serialised or rendered wholesale.
        g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
                                  (stored_id, )).fetchone()
        return
    g.user = None
def get_currency(id, check_author=True):
    """Get a currency row by id.

    :param id: id of the currency to get
    :param check_author: accepted but not used by this function
    :return: the matching currency row
    :raise 404: if no currency with the given id exists
    """
    # NOTE(review): check_author has no effect here, so callers that rely
    # on it get no authorization check -- confirm who may edit currencies.
    query = (
        'SELECT c.id, title, code, created, purchase_rate, sale_rate'
        ' FROM currency c'
        ' WHERE c.id = ?'
    )
    row = get_db().execute(query, (id, )).fetchone()
    if row is not None:
        return row
    abort(404, "currency id {0} doesn't exist.".format(id))
    return row
def delete(id):
    """Delete a post and redirect to ``blog.index``.

    The existence and authorship checks are delegated to ``get_post``.

    :param id: id of the post to delete
    """
    # Called for its side effects only: aborts before anything is deleted.
    get_post(id)

    connection = get_db()
    connection.execute('DELETE FROM post WHERE id = ?', (id, ))
    connection.commit()
    return redirect(url_for('blog.index'))
def get_balance(id, check_author=True):
    """Get a balance row by id, optionally enforcing ownership.

    :param id: id of the balance to get
    :param check_author: require the row to belong to the logged-in user
    :return: the matching balance row
    :raise 404: if no balance with the given id exists
    :raise 403: if ``check_author`` is set and the row has another owner
    """
    query = (
        'SELECT b.id, balance, user_id, currency_id, b.created'
        ' FROM balance b JOIN currency c ON b.currency_id = c.id'
        ' WHERE b.id = ?'
    )
    row = get_db().execute(query, (id,)).fetchone()

    if row is None:
        abort(404, "balance id {0} doesn't exist.".format(id))

    # Ownership is compared with the session user, never with request data.
    if check_author:
        if row['user_id'] != g.user['id']:
            abort(403)

    return row
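def get_user_moves_from_user(user_id=None):
    """Return the transfers in which a user is the sender or the receiver.

    :param user_id: defaults to the logged-in user's id
    :return: the matching ``user_move`` rows
    :raise 403: if ``user_id`` is given and differs from ``g.user['id']``
    :raise 404: if the query result is ``None``
    """
    # NOTE(review): assumes g.user is set (login guard not visible here).
    if user_id is None:
        user_id = g.user['id']
    elif user_id != g.user['id']:
        # Users may only list their own transfers.
        abort(403)

    # NOTE(review): `created` is unqualified although currency (joined as c)
    # is selected with a `created` column elsewhere in this codebase; if
    # user_move has one too, SQLite would reject it as ambiguous -- confirm.
    user_moves = get_db().execute(
        'SELECT'
        ' m.id, amount, comment, currency_id, sender_id, receiver_id, created'
        ' FROM user_move m JOIN user u ON m.sender_id = u.id JOIN user r ON m.receiver_id = r.id JOIN currency c ON m.currency_id = c.id'
        ' WHERE m.sender_id = ? or m.receiver_id = ?', (
            user_id,
            user_id,
        )).fetchall()

    # Presumably get_db() returns a sqlite3 connection, whose fetchall()
    # yields a (possibly empty) list, so this branch is purely defensive.
    # The message reports user_id, not the `id` builtin.
    if user_moves is None:
        abort(404,
              "user moves for user id {0} don't exist.".format(user_id))
    return user_moves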
def update(id):
    """Update the amount of a ``user_move`` row from the submitted form.

    GET renders the form for the existing row. A valid POST updates the
    amount and redirects to ``user_move.index``; an empty amount is flashed.

    :param id: id of the user_move to update
    """
    # NOTE(review): get_user_move does no ownership check, so this view
    # changes the amount of any user's transfer -- confirm authorization.
    existing = get_user_move(id)

    if request.method != 'POST':
        return render_template('user_move/update.html', user_move=existing)

    amount = request.form['amount']
    error = None if amount else 'Amount is required.'

    if error is None:
        # NOTE(review): amount is stored as submitted (no numeric or sign
        # check visible here).
        connection = get_db()
        connection.execute('UPDATE user_move SET amount = ? WHERE id = ?',
                           (amount, id))
        connection.commit()
        return redirect(url_for('user_move.index'))

    flash(error)
    return render_template('user_move/update.html', user_move=existing)
def create():
    """Create a new post authored by the logged-in user.

    GET renders the form. A valid POST inserts the post and redirects to
    ``blog.index``; a POST without a title flashes an error and re-renders.
    """
    if request.method != 'POST':
        return render_template('blog/create.html')

    title = request.form['title']
    body = request.form['body']
    error = None if title else 'Title is required.'

    if error is None:
        connection = get_db()
        # The author comes from the session, not from the form.
        connection.execute(
            'INSERT INTO post (title, body, author_id)'
            ' VALUES (?, ?, ?)', (title, body, g.user['id']))
        connection.commit()
        return redirect(url_for('blog.index'))

    flash(error)
    return render_template('blog/create.html')
def update(id):
    """Update a post's title and body.

    Existence and authorship are checked by ``get_post`` before anything
    else happens.

    :param id: id of the post to update
    """
    existing = get_post(id)

    if request.method != 'POST':
        return render_template('blog/update.html', post=existing)

    title = request.form['title']
    body = request.form['body']
    error = None if title else 'Title is required.'

    if error is None:
        connection = get_db()
        connection.execute(
            'UPDATE post SET title = ?, body = ? WHERE id = ?',
            (title, body, id))
        connection.commit()
        return redirect(url_for('blog.index'))

    flash(error)
    return render_template('blog/update.html', post=existing)
def update(id):
    """Update the value of a balance row from the submitted form.

    GET renders the form for the existing row. A valid POST stores the new
    value and redirects to ``balance.index``; an empty value is flashed.

    :param id: id of the balance to update
    """
    # With its default check_author, get_balance aborts when the row is
    # missing or belongs to another user.
    existing = get_balance(id)

    if request.method != 'POST':
        return render_template('balance/update.html', balance=existing)

    balance_value = request.form['balance']
    error = None if balance_value else 'Balance is required.'

    if error is None:
        # NOTE(review): the owner can overwrite their balance with any
        # submitted value (no numeric or range check visible here) --
        # confirm this is the intended way for balances to change.
        connection = get_db()
        connection.execute(
            'UPDATE balance SET balance = ? WHERE id = ?',
            (balance_value, id)
        )
        connection.commit()
        return redirect(url_for('balance.index'))

    flash(error)
    return render_template('balance/update.html', balance=existing)
def get_post(id, check_author=True):
    """Fetch a post, joined with its author's username, by id.

    :param id: id of the post to fetch
    :param check_author: when true, reject users other than the author
    :return: the post row, including ``author_id`` and ``username``
    :raise 404: if no post has the given id
    :raise 403: if ``check_author`` is set and the current user is not the author
    """
    query = (
        'SELECT p.id, title, body, p.created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id = ?'
    )
    row = get_db().execute(query, (id, )).fetchone()

    if row is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    # Authorship is compared with the session user, never with request data.
    if check_author:
        if row['author_id'] != g.user['id']:
            abort(403)

    return row
def login():
    """Log in a registered user by storing the user id in the session.

    GET renders the form. A POST with matching credentials starts a fresh
    session and redirects to ``index``; otherwise an error is flashed.
    """
    if request.method != 'POST':
        return render_template('auth/login.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()
    account = db.execute('SELECT * FROM user WHERE username = ?',
                         (username, )).fetchone()

    # NOTE(review): the two messages differ, and the hash is only verified
    # when the account exists, so responses reveal whether a username is
    # registered -- consider one generic message for both failures.
    error = None
    if account is None:
        error = 'Incorrect username.'
    elif not check_password_hash(account['password'], password):
        error = 'Incorrect password.'

    if error is None:
        # Drop whatever the pre-login session held before storing the id.
        session.clear()
        session['user_id'] = account['id']
        return redirect(url_for('index'))

    flash(error)
    return render_template('auth/login.html')
def get_currencies():
    """Return every currency row, ordered by ``created`` descending."""
    query = (
        'SELECT c.id, title, code, created, purchase_rate, sale_rate'
        ' FROM currency c'
        ' ORDER BY created DESC'
    )
    return get_db().execute(query).fetchall()
def delete(id):
    """Delete a currency row and redirect to ``currency.index``.

    :param id: id of the currency to delete
    """
    # Called for its side effect only: the lookup aborts on an unknown id.
    # NOTE(review): no role or ownership check is visible in this view --
    # confirm who is allowed to delete currencies.
    get_currency(id)

    connection = get_db()
    connection.execute('DELETE FROM currency WHERE id = ?', (id, ))
    connection.commit()
    return redirect(url_for('currency.index'))
def delete(id):
    """Delete a ``user_move`` row and redirect to ``user_move.index``.

    :param id: id of the user_move to delete
    """
    # NOTE(review): get_user_move does no ownership check, so this view
    # deletes any user's transfer record -- confirm authorization.
    get_user_move(id)

    connection = get_db()
    connection.execute('DELETE FROM user_move WHERE id = ?', (id, ))
    connection.commit()
    return redirect(url_for('user_move.index'))