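def showLogin():
    """Display and process the /login/ route.

    GET renders login.html. POST reads ``uniqname`` and ``password`` from the
    form, checks them against the ``machinists`` table and, on success, stores
    the uniqname in ``flask.session['logname']`` and redirects to the index.
    A visitor who already has ``logname`` in the session is sent to the index.

    Returns:
        A Flask redirect, or the rendered login template on GET / failure.
    """
    import hmac

    if 'logname' in flask.session:
        return flask.redirect(flask.url_for('showIndex'))

    if flask.request.method == 'POST':
        uniqname = flask.request.form['uniqname']
        inputPassword = flask.request.form['password']

        cursor = getCursor()
        row = cursor.execute(
            "SELECT password FROM machinists WHERE uniqname = :uniqname",
            {'uniqname': uniqname}).fetchone()
        # Compare even when the account is missing so a failed lookup and a
        # wrong password take the same path and produce the same message;
        # otherwise the response reveals which uniqnames exist.
        storedPassword = (row['password'] if row else None) or ''

        def same(a, b):
            # Constant-time comparison; bytes so non-ASCII input cannot raise.
            return hmac.compare_digest(a.encode('utf-8'), b.encode('utf-8'))

        # TODO: passwords are stored in plaintext (see showCreate); once hashing
        # lands, replace same(inputPassword, storedPassword) with
        # matchesDbPassword(inputPassword, storedPassword) as showPassword does.
        # NOTE(review): MASTERPASS is a hard-coded bypass that opens every
        # account; it should not exist in a deployed build.
        authenticated = row is not None and (
            same(inputPassword, storedPassword) or same(inputPassword, MASTERPASS))
        if not authenticated:
            flask.flash("invalid uniqname or password, try again")
            return flask.redirect(flask.url_for('showLogin'))

        flask.session['logname'] = uniqname
        # Upon successful authentication, redirect to /.
        return flask.redirect(flask.url_for('showIndex'))

    return flask.render_template("login.html")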
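def createLike(partId):
    """Create a like by the logged-in user on part ``partId``.

    Responds 201 with ``{partId, logname}`` when the like is created and 409
    (with ``status_code``/``message`` added to the body) when the user already
    likes the part. Aborts 403 when nobody is logged in.
    """
    # The session is keyed 'logname' by showLogin/showCreate/editAccount;
    # nothing ever sets 'username', so reading it always failed with KeyError.
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    context = {'partId': partId, 'logname': logname}
    cur = getCursor()
    alreadyLiked = cur.execute(
        "SELECT 1 FROM likes WHERE partId = ? AND owner = ?",
        (partId, logname)).fetchone()

    if alreadyLiked:
        context['status_code'] = 409
        context['message'] = 'Conflict'
        status = 409
    else:
        # Column is 'partId' everywhere else the likes table is touched
        # (the SELECT above, deleteLike, getLikes); the old INSERT wrote to
        # 'postid'. A UNIQUE(owner, partId) constraint would also close the
        # check-then-insert race that this code cannot.
        cur.execute(
            "INSERT INTO likes (owner, partId) VALUES (?, ?)",
            (logname, partId))
        status = 201

    resp = flask.jsonify(**context)
    resp.status_code = status
    return resp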
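def editAccount(initUniqname):
    """Update the machinists row ``initUniqname`` from the posted form.

    Only the account owner (session ``logname`` == initUniqname) or an admin
    may edit; the original accepted the edit from anyone, which let any caller
    rename another account, set its password and hijack the session name.

    Form fields: uniqname (may differ from initUniqname to rename), fullName,
    password, millStatus, latheStatus, cncMillStatus, cncLatheStatus,
    haasStatus, available; optional ``profilePic`` upload (otherwise the
    existing picture is kept). Responds 201 with an empty JSON body.

    Aborts 403 when not logged in or not permitted, 404 when the account does
    not exist, 400 when the password is empty (parity with showCreate).
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']
    if not (isAdmin(logname) or logname == initUniqname):
        flask.abort(403)

    form = flask.request.form
    password = form['password']
    if not password:
        flask.abort(400)

    cur = getCursor()
    # Look the row up by its *current* name: the form may carry a new uniqname
    # (the old code queried by the new name and crashed on a rename).
    current = cur.execute(
        "SELECT profilePic FROM machinists WHERE uniqname = ?",
        (initUniqname,)).fetchone()
    if current is None:
        flask.abort(404)

    if 'profilePic' in flask.request.files:
        profilePic = hashFile(flask.request.files, 'profilePic')
    else:
        profilePic = current['profilePic']

    newUniqname = form['uniqname']
    data = {
        'profilePic': profilePic,
        'fullName': form['fullName'],
        'uniqname': newUniqname,
        # TODO: stored in plaintext, matching what showLogin/showCreate expect.
        'password': password,
        'millStatus': form['millStatus'],
        'latheStatus': form['latheStatus'],
        'cncMillStatus': form['cncMillStatus'],
        'cncLatheStatus': form['cncLatheStatus'],
        'haasStatus': form['haasStatus'],
        'available': form['available'],
        'logname': initUniqname,
    }
    cur.execute(
        "UPDATE machinists SET profilePic = :profilePic, fullname = :fullName, "
        "uniqname = :uniqname, password = :password, millStatus = :millStatus, "
        "latheStatus = :latheStatus, cncMillStatus = :cncMillStatus, "
        "cncLatheStatus = :cncLatheStatus, haasStatus = :haasStatus, "
        "available = :available WHERE uniqname = :logname",
        data)

    # Only re-point the session when the user edited their own account;
    # an admin editing someone else must not become that user.
    if logname == initUniqname:
        flask.session['logname'] = newUniqname

    resp = flask.jsonify()
    resp.status_code = 201
    return resp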
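def updatePart(id):
    """Set the production/design check flags on part ``id``.

    Only the part's designer or an admin may update. Form fields
    ``productionCheck`` and ``designCheck``; ``approved`` becomes 'true' only
    when both are 'yes', else 'false'. Responds 201 with ``{"designer": ...}``.

    Aborts 403 when not logged in or not permitted (the old code flashed a
    message and still answered 201), 404 when no such part.
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']
    productionCheck = flask.request.form['productionCheck']
    designCheck = flask.request.form['designCheck']

    cur = getCursor()
    row = cur.execute("SELECT designer FROM parts WHERE id = ?", (id,)).fetchone()
    if row is None:
        flask.abort(404)
    designer = row['designer']
    if not (isAdmin(logname) or logname == designer):
        flask.abort(403)

    # Derive the approval flag from the two checks and write everything in one
    # statement instead of a second UPDATE after the first.
    approved = 'true' if productionCheck == 'yes' and designCheck == 'yes' else 'false'
    cur.execute(
        "UPDATE parts SET productionCheck = ?, designCheck = ?, approved = ? WHERE id = ?",
        (productionCheck, designCheck, approved, id))

    resp = flask.jsonify(designer=designer)
    resp.status_code = 201
    return resp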
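def showPassword():
    """Display and process the /accounts/password/ route.

    GET renders password.html. POST reads ``password`` (current),
    ``new_password1`` and ``new_password2`` from the form, verifies the
    current one with matchesDbPassword() and stores hashPassword() of the new
    one. Redirects to /login/ when nobody is logged in and to showEdit on
    success.

    Aborts 403 when the current password is wrong (or the account row is
    missing, which previously crashed with TypeError) and 400 when the two
    new passwords differ (the old 401 means "not authenticated", which this
    is not).

    NOTE(review): this handler queries ``users.username`` while every other
    handler in the file uses ``machinists.uniqname``, and it hashes the stored
    password while showLogin/showCreate compare and store plaintext. Confirm
    which table and password scheme are live before relying on it.
    """
    if 'logname' not in flask.session:
        return flask.redirect(flask.url_for('showLogin'))

    if flask.request.method == 'POST':
        username = flask.session['logname']
        data = {'username': username}
        cursor = getCursor()
        row = cursor.execute(
            "SELECT password FROM users WHERE username = :username",
            data).fetchone()
        if row is None:
            flask.abort(403)

        old_input_password = flask.request.form['password']
        new_input_password1 = flask.request.form['new_password1']
        new_input_password2 = flask.request.form['new_password2']

        if not matchesDbPassword(old_input_password, row['password']):
            flask.abort(403)
        if new_input_password1 != new_input_password2:
            flask.abort(400)

        data['new_hashed'] = hashPassword(new_input_password1)
        cursor.execute(
            "UPDATE users SET password = :new_hashed WHERE username = :username",
            data)
        # Upon successful submission, redirect to /accounts/edit/.
        return flask.redirect(flask.url_for('showEdit'))

    return flask.render_template("password.html")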
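def showCreate():
    """Show and process the create-account page.

    GET renders create.html. POST reads uniqname, fullname and password from
    the form plus an optional ``file`` upload (profile picture; 'default.jpg'
    when absent), inserts the machinists row, logs the new user in via
    ``flask.session['logname']`` and redirects to the index. A logged-in
    visitor is redirected to showEdit. A duplicate uniqname or an empty
    password flashes a message and redirects back here.
    """
    if 'logname' in flask.session:
        return flask.redirect(flask.url_for('showEdit'))

    if flask.request.method == 'POST':
        form = flask.request.form
        uniqname = form['uniqname']
        # TODO: stored in plaintext because showLogin compares plaintext;
        # switch to hashPassword(form['password']) together with showLogin.
        password = form['password']

        cursor = getCursor()
        # Ask for this one name instead of pulling every row and scanning in
        # Python. A UNIQUE constraint on uniqname is still needed to close
        # the check-then-insert race.
        taken = cursor.execute(
            "SELECT 1 FROM machinists WHERE uniqname = ?", (uniqname,)).fetchone()
        if taken:
            flask.flash("uniqname already in database, try again!")
            return flask.redirect(flask.url_for('showCreate'))
        if not password:
            flask.flash("you didn't make a password, try again!")
            return flask.redirect(flask.url_for('showCreate'))

        # Only touch the upload once validation passed, and only when the
        # expected field is present (any other file field used to KeyError).
        if 'file' in flask.request.files:
            filename = hashFile(flask.request.files, 'file')
        else:
            filename = 'default.jpg'

        data = {
            'uniqname': uniqname,
            'fullname': form['fullname'],
            'password': password,
            'filename': filename,
        }
        cursor.execute(
            "INSERT INTO machinists (uniqname, fullname, password, profilePic) "
            "VALUES (:uniqname, :fullname, :password, :filename)",
            data)
        flask.session['logname'] = uniqname
        return flask.redirect(flask.url_for('showIndex'))

    return flask.render_template('create.html')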
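def claimPart(id):
    """Assign part ``id`` to the logged-in user as its machinist.

    Responds 201 with an empty JSON body. Aborts 403 when nobody is logged in
    (previously a KeyError/500) and 404 when no part has that id.

    NOTE(review): any logged-in user can claim any part, including one that
    already has a machinist; add ``AND machinist = 'unassigned'`` to the
    UPDATE if claims are meant to be first-come only.
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    cur = getCursor()
    cur.execute("UPDATE parts SET machinist = ? WHERE id = ?", (logname, id))
    # rowcount is 0 when the WHERE matched nothing, i.e. no such part.
    if cur.rowcount == 0:
        flask.abort(404)

    resp = flask.jsonify()
    resp.status_code = 201
    return resp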
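def showMembers():
    """Display the /members/ route: every machinists row, without passwords.

    Redirects to /login/ when nobody is logged in. The template receives
    ``logname`` and ``members`` (a list of dicts).
    """
    if 'logname' not in flask.session:
        return flask.redirect(flask.url_for('showLogin'))

    cursor = getCursor()
    rows = cursor.execute("SELECT * FROM machinists").fetchall()
    # SELECT * includes the (plaintext) password column; strip it before the
    # rows reach a template where a stray {{ member.password }} would leak it.
    members = []
    for row in rows:
        member = dict(row)
        member.pop('password', None)
        members.append(member)

    context = {'logname': flask.session['logname'], 'members': members}
    return flask.render_template("members.html", **context)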
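def deleteAccount(uniqname):
    """Delete the machinists row ``uniqname``; owner or admin only.

    Returns the deleted row as JSON with the password column removed. Aborts
    403 when nobody is logged in (previously KeyError/500) and 404 when the
    account does not exist. A caller who is neither admin nor the owner gets
    a flash message and a redirect to their own profile, as before.
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']
    if not isAdmin(logname) and uniqname != logname:
        flask.flash('you do not have permission to delete this account')
        return flask.redirect(flask.url_for('showUser', uniqname=logname))

    cur = getCursor()
    row = cur.execute(
        "SELECT * FROM machinists WHERE uniqname = ?", (uniqname,)).fetchone()
    if row is None:
        flask.abort(404)
    cur.execute("DELETE FROM machinists WHERE uniqname = ?", (uniqname,))

    # Do not leave a session that names an account which no longer exists.
    if uniqname == logname:
        flask.session.pop('logname', None)

    context = dict(row)
    context.pop('password', None)
    return flask.jsonify(**context)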
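def getProfile(uniqname):
    """Return the profile of ``uniqname`` as JSON.

    The body is the machinists row (password column removed) plus
    ``img_url``, the /uploads/ path of the profile picture. Aborts 404 when
    no such user exists (previously a TypeError/500).
    """
    cur = getCursor()
    row = cur.execute(
        "SELECT * FROM machinists WHERE uniqname = ?", (uniqname,)).fetchone()
    if row is None:
        flask.abort(404)

    # Copy into a plain dict: rows may be read-only, and SELECT * carries the
    # password column, which must never be returned to a client.
    context = dict(row)
    context.pop('password', None)
    context['img_url'] = '/uploads/' + context['profilePic']
    return flask.jsonify(**context)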
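def getPart(id):
    """Return the parts row ``id`` as JSON plus a ``link`` field.

    ``link`` is '/parts/' when ``approved`` is 'true' and '/readers/'
    otherwise. Aborts 404 when no such part exists (previously a
    TypeError/500).
    """
    cur = getCursor()
    row = cur.execute("SELECT * FROM parts WHERE id = ?", (id,)).fetchone()
    if row is None:
        flask.abort(404)

    # Plain dict so the extra key can be added whatever the row type is.
    context = dict(row)
    context['link'] = '/parts/' if context['approved'] == 'true' else '/readers/'
    return flask.jsonify(**context)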
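def deleteLike(partId):
    """Remove the logged-in user's like on part ``partId``.

    Responds 204 with an empty JSON body whether or not a like existed.
    Aborts 403 when nobody is logged in.
    """
    # The session key is 'logname' (set by showLogin/showCreate); 'username'
    # is never set, so the old lookup always raised KeyError.
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    cur = getCursor()
    cur.execute(
        "DELETE FROM likes WHERE partId = ? AND owner = ?",
        (partId, logname))

    resp = flask.jsonify()
    resp.status_code = 204
    return resp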
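def addComment(partId):
    """Add a comment by the logged-in user to part ``partId``.

    Expects a JSON body ``{"text": "..."}``. Responds with ``commentId``,
    ``owner``, ``owner_show_url``, ``partId`` and ``text``. Aborts 403 when
    nobody is logged in and 400 when the body is not JSON or ``text`` is
    missing, not a string, or empty.
    """
    # Session key is 'logname'; 'username' is never set anywhere in this app.
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    # silent=True: a non-JSON body yields None instead of an exception.
    body = flask.request.get_json(silent=True) or {}
    text = body.get('text')
    if not isinstance(text, str) or not text:
        flask.abort(400)

    cur = getCursor()
    cur.execute(
        "INSERT INTO comments (owner, partId, text) VALUES (?, ?, ?)",
        (logname, partId, text))

    context = {
        # Same value SELECT last_insert_rowid() gives on this connection.
        'commentId': cur.lastrowid,
        'owner': logname,
        'owner_show_url': '/u/' + logname,
        'partId': partId,
        'text': text,
    }
    return flask.jsonify(**context)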
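def deletePart(id):
    """Delete part ``id``; its designer or an admin only.

    Responds 201 with ``{"designer": ...}`` as before. Aborts 403 when not
    logged in or not permitted (the old code flashed a message and still
    answered 201), 404 when no such part.
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    cur = getCursor()
    row = cur.execute("SELECT designer FROM parts WHERE id = ?", (id,)).fetchone()
    if row is None:
        flask.abort(404)
    designer = row['designer']
    if not (isAdmin(logname) or logname == designer):
        flask.abort(403)

    cur.execute("DELETE FROM parts WHERE id = ?", (id,))

    resp = flask.jsonify(designer=designer)
    resp.status_code = 201
    return resp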
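def getLikes(partId):
    """Return like information for part ``partId`` as JSON.

    Body: ``partId``, ``numLikes`` (number of likes rows for the part) and
    ``lognameLikesThis`` (1 when the logged-in user has liked it, else 0).
    Aborts 403 when nobody is logged in.
    """
    # Session key is 'logname'; 'username' is never set, so the old code
    # raised KeyError on every call.
    if 'logname' not in flask.session:
        flask.abort(403)
    logname = flask.session['logname']

    cur = getCursor()
    liked = cur.execute(
        "SELECT EXISTS("
        " SELECT 1 FROM likes WHERE partId = ? AND owner = ? LIMIT 1"
        ") AS lognameLikesThis",
        (partId, logname)).fetchone()
    count = cur.execute(
        "SELECT COUNT(*) AS numLikes FROM likes WHERE partId = ?",
        (partId,)).fetchone()

    context = {'partId': partId}
    context.update(dict(liked))
    context.update(dict(count))
    return flask.jsonify(**context)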
def getReaders():
    """Return the ids and URLs of every unapproved part, ordered by deadline.

    Body: ``results`` (list of ``{"id": ..., "url": ...}``) and ``url`` of
    this endpoint.
    """
    cur = getCursor()
    pending = cur.execute(
        "SELECT * FROM parts WHERE approved = :approved ORDER BY deadline ASC ",
        {'approved': 'false'}).fetchall()

    results = [
        {"id": part["id"], "url": "/api/v1.0/parts/" + str(part["id"]) + "/"}
        for part in pending
    ]
    return flask.jsonify(results=results, url="/api/v1.0/readers/")
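def requestPart():
    """Create a parts row from the posted form and the ``drawing`` upload.

    Form fields: partName, partNumber, designer, deadline. The logged-in user
    is recorded as ``submitter``; ``machinist`` starts 'unassigned', both
    checks 'no' and ``approved`` 'false'. Responds 201 with an empty JSON
    body. Aborts 403 when nobody is logged in (previously KeyError/500) and
    400 when no ``drawing`` file was uploaded.

    NOTE(review): ``designer`` is taken verbatim from the form, so a submitter
    can name anyone as designer, and that name is what later gates
    updatePart/deletePart. Consider validating it against machinists or
    defaulting it to the submitter.
    """
    if 'logname' not in flask.session:
        flask.abort(403)
    submitter = flask.session['logname']

    if 'drawing' not in flask.request.files:
        flask.abort(400)
    drawing = hashFile(flask.request.files, 'drawing')
    # cadModel upload is intentionally not handled yet (was commented out).

    form = flask.request.form
    values = (
        form['partName'], form['partNumber'], form['deadline'], form['designer'],
        'unassigned', drawing, 'no', 'no', 'false', submitter,
    )
    cur = getCursor()
    cur.execute(
        "INSERT INTO parts (name, number, deadline, designer, machinist, drawing, "
        "designCheck, productionCheck, approved, submitter) "
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
        values)

    resp = flask.jsonify()
    resp.status_code = 201
    return resp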