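def post_create(order_id):
    """Create a tracking post (and optional attachment) for an order.

    Args:
        order_id: Primary key of the order the post belongs to.

    Returns:
        On a valid submit, a redirect to the order's info page; otherwise
        the rendered ``post_create.html`` form. If no order with
        ``order_id`` exists, the unauthorized-access error page.
    """
    order = OrderModel.find_by_id(order_id)
    # Fail closed: without this guard a GET raises AttributeError on
    # ``order.staff_id`` below, and a POST could attach a tracking post to
    # an order that does not exist.
    if order is None:
        return render_error_page_unauthorized_access()

    form = PostCreateForm()
    if form.validate_on_submit():
        # NOTE(review): staff_id and user_id are taken from the submitted
        # form rather than from ``order``; confirm the form's validators
        # restrict them, otherwise a client can attribute a post to any
        # staff/user id.
        post = TrackingModel(
            message=form.message.data,
            order_id=order_id,
            staff_id=form.staff_id.data,
            user_id=form.user_id.data,
        )
        post.save_to_db()
        if form.attachment.data:
            storage_filename = save_attachment(form.attachment.data, post.id)
            attachment = AttachmentModel(
                attachment_name=storage_filename, track_log_id=post.id
            )
            attachment.save_to_db()
        return redirect(url_for("order.order_info", order_id=order_id))

    # Pre-fill the counterpart ids so the form is submitted with both sides.
    if is_user(current_user):
        form.staff_id.data = order.staff_id
        form.user_id.data = current_user.id
    else:
        form.user_id.data = order.user_id
        form.staff_id.data = current_user.id
    return render_template("post_create.html", form=form)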
def user_account():
    """Render the account page for one user.

    A ``user`` role always sees its own account; any other role looks the
    account up by the ``user_id`` query parameter.

    Returns:
        The rendered ``user_account.html`` page.
    """
    # NOTE(review): for non-user roles the lookup is by raw query id with no
    # company scoping, and ``find_by_id`` may return None — confirm this
    # against the template and the access model described in user_list.
    own_account = is_user(current_user)
    target_id = (
        current_user.id
        if own_account
        else request.args.get("user_id", type=int)
    )
    account = UserModel.find_by_id(target_id)
    return render_template("user_account.html", user=account)
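def staff_info():
    """List staff, paginated 5 per page, scoped by the caller's role.

    Admins see every staff record; company admins and staff see only the
    staff of their own company. ``user`` accounts and any unrecognised role
    get the unauthorized-access page.

    Returns:
        The rendered ``staff_info.html`` page, or the error page.
    """
    page = request.args.get("page", 1, type=int)
    if is_user(current_user):
        return render_error_page_unauthorized_access()
    if is_admin(current_user):
        staffs = StaffModel.find_all()
    elif is_company_admin(current_user) or is_staff(current_user):
        staffs = StaffModel.find_by_company_id(current_user.company_id)
    else:
        # Deny by default: the original if/elif chain left ``staffs``
        # unbound (UnboundLocalError) for any role not matched above.
        return render_error_page_unauthorized_access()
    staffs = staffs.paginate(page=page, per_page=5)
    return render_template("staff_info.html", staffs=staffs)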
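def user_list():
    """List users (customers), paginated 5 per page.

    Only admins currently get a listing (all users). ``user`` accounts are
    refused; company admins and staff are refused as well until a
    company-scoped query exists.

    Returns:
        The rendered ``user_list.html`` page, or the error page.
    """
    # no access to users(customers)
    if is_user(current_user):
        return render_error_page_unauthorized_access()
    if is_admin(current_user):
        # admin sees all users
        users = UserModel.find_all()
    elif is_company_admin(current_user) or is_staff(current_user):
        # TODO: company_admin and staff should see the users of their own
        # company; no company-scoped UserModel query is visible here, so
        # fail closed instead of crashing. (The original tested the
        # *functions* ``is_company_admin``/``is_staff`` for truthiness —
        # always True — did nothing, and then left ``users`` unbound.)
        return render_error_page_unauthorized_access()
    else:
        # Deny by default for any role not matched above.
        return render_error_page_unauthorized_access()
    page = request.args.get("page", 1, type=int)
    users = users.paginate(page=page, per_page=5)
    return render_template("user_list.html", users=users)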
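def order_list():
    """List orders, paginated 5 per page, scoped by the caller's role.

    admin -> all orders; company_admin -> the company's orders;
    staff -> orders assigned to that staff member; user -> the user's own
    orders. Any other role gets the unauthorized-access page.

    Returns:
        The rendered ``order_list.html`` page, or the error page.
    """
    page = request.args.get("page", 1, type=int)
    if is_admin(current_user):
        query = OrderModel.find_all()
    elif is_company_admin(current_user):
        query = OrderModel.find_by_company(current_user.company)
    elif is_staff(current_user):
        query = OrderModel.find_by_staff_id(current_user.id)
    elif is_user(current_user):
        query = OrderModel.find_by_user_id(current_user.id)
    else:
        # Deny by default: the original chain left ``orders`` unbound here.
        return render_error_page_unauthorized_access()
    orders = query.paginate(page=page, per_page=5)
    return render_template("order_list.html", orders=orders)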
def order_create():
    """Create a new order; refused for ``user`` accounts.

    On a valid submit the order is saved and the caller is redirected to
    its info page. Otherwise a fresh order number is generated, passed to
    ``generate_qrcode``, and the pre-filled ``order_create.html`` form is
    rendered with a ``.jpg`` extension hint.
    """
    if is_user(current_user):
        return render_error_page_unauthorized_access()

    form = OrderCreateForm()
    if form.validate_on_submit():
        # NOTE(review): staff_id comes from the submitted form, not from
        # current_user — confirm the form validates it if orders must not
        # be assigned to arbitrary staff ids.
        new_order = OrderModel(
            ur_code=form.ur_code.data,
            name=form.name.data,
            staff_id=form.staff_id.data,
        )
        new_order.save_to_db()
        return redirect(url_for("order.order_info", order_id=new_order.id))

    # GET / invalid submit: prepare a fresh order number and its QR code.
    number = generate_and_validate_order_number(generate_order_number)
    generate_qrcode(number)
    form.ur_code.data = number
    form.staff_id.data = current_user.id
    return render_template("order_create.html", form=form, extension=".jpg")
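def staff_register():
    """Register a new staff account.

    Only admins and company admins may register staff; a company admin may
    only register into their own company. On success the caller is
    redirected to the staff listing.

    Returns:
        A redirect, the rendered ``staff_register.html`` form, the
        unauthorized-access page, or a JSON error body with status 500 when
        saving fails.
    """
    if is_user(current_user) or is_staff(current_user):
        return render_error_page_unauthorized_access()

    form = StaffCreateForm()
    if form.validate_on_submit():
        # Company admins may not create staff in another company.
        if (
            is_company_admin(current_user)
            and current_user.company_id != form.company_id.data
        ):
            return render_error_page_unauthorized_access()
        # NOTE(review): ``role`` is client-supplied; confirm the form limits
        # the roles a company admin may assign.
        try:
            staff = StaffModel(
                form.username.data,
                form.role.data,
                generate_password_hash(form.password.data),
                form.company_id.data,
            )
            staff.save_to_db()
        except Exception:
            # Was a bare ``except:`` returning the dict with a 200 status;
            # narrow the catch and signal the failure with a 500.
            return {"message": "something went wrong"}, 500
        return redirect(url_for("staff.staff_info"))
    return render_template("staff_register.html", form=form)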
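def user_update():
    """Update a user's email, phone and password.

    A ``user`` edits their own account; an admin edits the account named by
    the ``user_id`` query parameter. Staff and company admins are refused.

    Returns:
        After a valid submit, the rendered ``user_account.html`` page;
        otherwise the pre-filled ``user_update.html`` form; or the
        unauthorized-access page.
    """
    if is_staff(current_user) or is_company_admin(current_user):
        return render_error_page_unauthorized_access()
    if is_user(current_user):
        user_id = current_user.id
    elif is_admin(current_user):
        # type=int matches user_account(); a non-numeric id becomes None.
        user_id = request.args.get("user_id", type=int)
    else:
        # Deny by default: the original left ``user_id`` unbound here.
        return render_error_page_unauthorized_access()

    user = UserModel.find_by_id(user_id)
    if user is None:
        # Fail closed rather than raise AttributeError on ``user.email``
        # below. A 404 via flask.abort would be more precise once it is
        # imported.
        return render_error_page_unauthorized_access()

    form = UserUpdateForm()
    if form.validate_on_submit():
        # NOTE(review): the hash is always replaced from the submitted
        # password and no current-password check is made — confirm the
        # form requires a non-empty password.
        user.email = form.email.data
        user.phone = form.phone.data
        user.password_hash = generate_password_hash(form.password.data)
        user.save_to_db()
        return render_template("user_account.html", user=user)
    form.email.data = user.email
    form.phone.data = user.phone
    return render_template("user_update.html", form=form)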