Ejemplo n.º 1
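def users_update(account_id):
    """Show (GET) or process (any other method) the profile edit form.

    The account being edited is always the one named by ``account_id`` in the
    URL. The submitted ``username`` field is never used to pick the record:
    the ownership check below is made against ``account_id``, so the record
    that gets modified has to be selected by that same value.

    Args:
        account_id: Primary key of the account, taken from the route.

    Returns:
        The rendered edit page, or a redirect to ``users_index`` after a
        successful update.
    """
    account = User.query.get_or_404(account_id)
    photos = User.find_user_pictures(account_id)

    if request.method == 'GET':
        form = AccountForm()
        form.username.data = account.username
        form.email.data = account.email
        return render_template("users/edit.html",
                               account=account,
                               form=form,
                               photos=photos)

    form = AccountForm(CombinedMultiDict((request.files, request.form)))

    # Only the owner may change the profile.
    # NOTE(review): this compares get_id() with an int; if User.get_id()
    # returns a string the check rejects every request - confirm.
    if current_user.get_id() != int(account_id):
        return render_template("users/edit.html",
                               account=account,
                               form=form,
                               photos=photos,
                               message="You cannot edit this profile!",
                               message_style="danger")

    if not form.validate():
        return render_template("users/edit.html",
                               account=account,
                               form=form,
                               photos=photos)

    # Validate the upload before touching the account, so a rejected file
    # leaves no half-applied changes on the session object.
    upload = form.photo.data
    safe_name = secure_filename(upload.filename) if upload else ""
    stem, dot, extension = safe_name.rpartition(".")
    if not (stem and dot and extension):
        return render_template("users/edit.html",
                               account=account,
                               form=form,
                               photos=photos,
                               message="Please upload a photo with a file extension.",
                               message_style="danger")

    account.password = bcrypt.generate_password_hash(
        form.password.data).decode('utf-8')
    account.email = form.email.data

    # The stored name is random; only the last extension of the sanitised
    # client name is kept.
    # NOTE(review): the file type is not restricted here and the file lands in
    # a directory under static/; confirm AccountForm.photo limits the allowed
    # extensions (e.g. Flask-WTF's FileAllowed).
    hashed_filename = str(uuid.uuid4()) + "." + extension
    upload.save(os.path.join(os.getcwd(), "application", "static", "images",
                             hashed_filename))

    photo = Photo(hashed_filename, 'deetailit', True)
    photo.account_id = current_user.id

    db.session().add(photo)
    db.session().add(account)
    db.session().commit()

    return redirect(url_for("users_index"))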
Ejemplo n.º 2
def account_create():
    """Create a user from the submitted account form.

    Re-renders ``auth/new_account.html`` with the bound form when validation
    fails; otherwise stores the new user and redirects to ``index``.
    """
    form = AccountForm(request.form)

    if form.validate():
        submitted = request.form
        # NOTE(review): "username" is passed for both of the first two
        # constructor arguments, and the password is handed over exactly as
        # submitted - confirm User hashes it before it is stored.
        new_user = User(submitted.get("username"), submitted.get("username"),
                        submitted.get("password"))
        db.session().add(new_user)
        db.session().commit()
        return redirect(url_for("index"))

    return render_template("auth/new_account.html", form=form)
Ejemplo n.º 3
def create_user():
    """Register a new user with the fixed role ``"USER"``.

    Re-renders ``auth/new.html`` with the bound form when validation fails;
    otherwise stores the user and redirects to ``auth_login``.
    """
    form = AccountForm(request.form)

    if form.validate():
        # The role is set server-side and never read from the request.
        # NOTE(review): the password goes to User as submitted - confirm the
        # model hashes it before it is stored.
        new_user = User(form.name.data,
                        form.username.data,
                        form.password.data,
                        "USER")
        db.session.add(new_user)
        db.session.commit()
        return redirect(url_for('auth_login'))

    return render_template("auth/new.html", form=form)
def account_create():
    """Create an account with ``user_role="ADMIN"`` from the submitted form.

    Re-renders ``auth/new_user.html`` with the bound form when validation
    fails; otherwise stores the account and redirects to ``index``.
    """
    form = AccountForm(request.form)

    if form.validate():
        # NOTE(review): every account created here receives the ADMIN role
        # and this function performs no access check of its own - confirm the
        # route is restricted to existing administrators.
        # NOTE(review): the password goes to User as submitted - confirm the
        # model hashes it before it is stored.
        new_account = User(form.name.data,
                           form.username.data,
                           form.password.data,
                           user_role="ADMIN")
        db.session().add(new_account)
        db.session().commit()
        return redirect(url_for("index"))

    return render_template("auth/new_user.html", form=form)
Ejemplo n.º 5
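def accounts_update(account_id):
    """Apply the submitted account form to the account named by ``account_id``.

    The update is refused, and the index page re-rendered with the list of
    rules, when the form fails validation, the e-mail has no ``.`` after its
    first ``@``, the username is whitespace only, the two passwords differ,
    the account does not exist, or the caller is not allowed to edit it.

    Args:
        account_id: Primary key of the account, taken from the route.

    Returns:
        The rendered ``auth/index.html`` page on refusal, otherwise a redirect
        to ``single_account_index``.
    """
    accountform = AccountForm(request.form)

    messages = [
        "THESE ARE THE CONDITIONS YOU MUST PAST",
        "*username must be 2 character length",
        "*password must be 8 character length",
        "*motto must be 2 character length",
        "*email must be 6 character length and must be real email",
    ]

    # Minimal e-mail shape check: a '.' somewhere after the first '@'.
    # A missing field is treated as an empty string instead of raising.
    email_value = accountform.email.data or ""
    at_pos = email_value.find("@")
    email_ok = at_pos != -1 and "." in email_value[at_pos + 1:]

    passwords_differ = accountform.password.data != accountform.password2.data
    if passwords_differ:
        messages.append("*password was not same")

    # account_id comes from the URL, so check it against the logged-in user
    # before any field is written; otherwise any caller could overwrite
    # another account's username, password and e-mail.
    # NOTE(review): administrators are still let through here, which keeps
    # what they could do before this check existed - confirm that is intended.
    account = Account.query.get(account_id)
    may_edit = account is not None and (
        str(account_id) == str(current_user.id)
        or bool(getattr(current_user, "admin", False)))
    if not may_edit:
        messages.append("*you cannot edit this account")

    if (not accountform.validate()
            or not email_ok
            or (accountform.username.data or "").isspace()
            or passwords_differ
            or not may_edit):
        return render_template("auth/index.html",
                                accountform = AccountForm(),
                                errors = messages,
                                account=current_user,
                                my_channels=Channel.get_my_channels(current_user.id),
                                all_channels=Channel.get_channels_where_not_in(current_user.id),
                                channels=Account.find_accounts_channels(current_user.id),
                                public_channels=Channel.get_all_publics(),
                                messages=Message.query.filter_by(account_id=current_user.id),
                                comments=Comment.get_comment_message_and_channel_id(current_user.id))

    account.username = accountform.username.data
    # NOTE(review): the password is assigned exactly as submitted - confirm
    # the Account model hashes it before it is stored.
    account.password = accountform.password.data
    account.motto = accountform.motto.data
    account.email = accountform.email.data

    db.session().commit()

    return redirect(url_for("single_account_index"))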
Ejemplo n.º 6
def accounts_create():
    """Create a user from the submitted form, including its ``role`` field.

    Re-renders ``auth/newAccount.html`` with the bound form when validation
    fails; otherwise stores the user and redirects to ``index``.
    """
    form = AccountForm(request.form)

    if form.validate():
        new_user = User(form.name.data)
        new_user.username = form.username.data
        # NOTE(review): the password is assigned as submitted - confirm the
        # model hashes it before it is stored.
        new_user.password = form.password.data
        # NOTE(review): the role is taken from the submitted form; confirm the
        # form limits the accepted values and that the route is not open to
        # self-registration.
        new_user.role = form.role.data

        db.session().add(new_user)
        db.session().commit()
        return redirect(url_for("index"))

    return render_template("auth/newAccount.html", form = form)
Ejemplo n.º 7
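def account_create():
    """Show the account creation page (GET) or create an account (otherwise).

    A new account is an administrator only when the request carries
    ``super=True`` AND the logged-in caller is an administrator. Being logged
    in is not enough, as that would let any user mint admin accounts.

    Returns:
        The rendered creation page on GET, ``frontpage.html`` with error
        details when the submission is rejected, otherwise a redirect (to the
        first channel for a logged-in caller, to the login page for a new
        visitor).
    """
    if request.method == "GET":
        return render_template("auth/new.html",
            accountform = AccountForm(),
            my_channels=Channel.get_my_channels(current_user.id),
            all_channels=Channel.get_channels_where_not_in(current_user.id),
            public_channels=Channel.get_all_publics())

    messages = [
        "THESE ARE THE CONDITIONS YOU MUST PAST",
        "*username must be 2 character length",
        "*password must be 8 character length",
        "*motto must be 2 character length",
        "*email must be 6 character length and must be real email",
    ]

    accountform = AccountForm(request.form)
    password_wrong = ""
    not_same = accountform.password.data != accountform.password2.data
    if not_same:
        password_wrong = "Passwords must be same"

    if not accountform.validate() or not_same:
        return render_template("frontpage.html",
                                accountform = AccountForm(),
                                error="somethin went wrong :(",
                                pass_error = password_wrong,
                                errors=messages)

    # NOTE(review): the password goes to Account as submitted - confirm the
    # model hashes it before it is stored.
    account = Account(accountform.username.data, accountform.password.data,
                      accountform.motto.data, accountform.email.data)

    # The "super" form field is caller-controlled, so it is honoured only for
    # an existing administrator.
    # NOTE(review): assumes current_user exposes the same ``admin`` attribute
    # that is set on Account here - confirm.
    creator_is_admin = (current_user.is_authenticated
                        and bool(getattr(current_user, "admin", False)))
    account.admin = creator_is_admin and request.form.get("super") == "True"

    db.session().add(account)
    db.session().commit()

    # A logged-in caller created the account on someone's behalf, so stay in
    # the application; a fresh sign-up is sent on to log in.
    if current_user.is_authenticated:
        return redirect(url_for("one_channel_index", channel_id=1, sort="first"))

    return redirect(url_for("auth_login"))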
Ejemplo n.º 8
def frontpage(sort):
    """Render the front page, or send a logged-in user to the first channel.

    ``sort`` is accepted from the route but not used here.
    """
    if not current_user.is_authenticated:
        # Visitors get the landing page with an empty sign-up form.
        return render_template("frontpage.html",
            accountform=AccountForm())

    return redirect(url_for('one_channel_index', channel_id=1, sort='first'))
Ejemplo n.º 9
def auth_create_new():
    """Show the registration form (GET) or register a user (otherwise).

    On success the login form is rendered with a prompt to log in.
    """
    form_template = "/auth/accountform.html"

    if request.method == "GET":
        return render_template(form_template, form=AccountForm())

    form = AccountForm(request.form)
    if not form.validate():
        return render_template(form_template, form=form)

    submitted = request.form
    # NOTE(review): the password goes to User as submitted - confirm the model
    # hashes it before it is stored.
    new_user = User(submitted.get("name"), submitted.get("username"),
                    submitted.get("password"))

    db.session.add(new_user)
    db.session.commit()

    return render_template("auth/loginform.html",
                           form=LoginForm(),
                           error="now, try logging in")
Ejemplo n.º 10
def single_account_index(account_id):
    """Render the account page for ``account_id``.

    Loads the account, its channels, messages and comments and passes them to
    ``auth/index.html`` together with an empty account form.
    """
    # NOTE(review): nothing here compares account_id with the logged-in user,
    # and Account.query.get() returns None for an unknown id - confirm whether
    # this page is meant to be viewable for any account.
    context = {
        "account": Account.query.get(account_id),
        "accountform": AccountForm(),
        "channels": Account.find_accounts_channels(account_id),
        "my_channels": Channel.get_my_channels(account_id),
        "all_channels": Channel.get_channels_where_not_in(account_id),
        "public_channels": Channel.get_all_publics(),
        "messages": Message.query.filter_by(account_id=account_id),
        "comments": Comment.get_comment_message_and_channel_id(account_id),
    }
    return render_template("auth/index.html", **context)
Ejemplo n.º 11
def users_create():
    """Sign up a new account unless the requested name is already in use.

    Renders ``users/new.html`` with an error when the name is taken or the
    form is invalid; on success renders the login form.
    """
    requested_name = request.form.get("username")

    # NOTE(review): the duplicate check and the insert are separate steps;
    # confirm the name column also carries a unique constraint.
    if Account.query.filter_by(name=requested_name).first():
        return render_template("users/new.html",
                               form=AccountForm(),
                               error="That name is taken")

    form = AccountForm(request.form)
    if form.validate():
        # NOTE(review): the password goes to Account as submitted - confirm
        # the model hashes it before it is stored.
        new_account = Account(request.form.get("username"),
                              request.form.get("password"))

        db.session().add(new_account)
        db.session().commit()

        return render_template("users/loginform.html",
                               form=LoginForm(),
                               error="Please login to complete signup")

    return render_template(
        "users/new.html",
        form=AccountForm(),
        error="Minimum length for name and password is 3")
Ejemplo n.º 12
def auth_view_by_id(account_id):
    """Render ``auth/single.html`` for the account named by ``account_id``.

    Passes the account, the events it created and the events associated with
    it, plus an empty account form.
    """
    # NOTE(review): no check ties account_id to the logged-in user - confirm
    # this page is meant to be viewable for any account.
    context = {
        "account": User.query.get(account_id),
        "own_events": User.find_events_created_by_account(account_id),
        "events_of_interest":
            User.find_events_associated_with_specific_account(account_id),
    }

    # number_of_events is a fixed 0; the query that would compute it is not
    # called.
    return render_template("auth/single.html",
                           account=context["account"],
                           form=AccountForm(),
                           number_of_events=0,
                           own_events=context["own_events"],
                           events_of_interest=context["events_of_interest"])
Ejemplo n.º 13
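def account_update(account_id):
    """Apply an administrator's edit to the user named by ``account_id``.

    Args:
        account_id: Primary key of the user, taken from the route.

    Returns:
        ``"Access denied"`` for a non-admin caller, a 404 response for an
        unknown id, the edit page when the form is invalid, otherwise a
        redirect to ``accounts_index``.
    """
    # NOTE(review): assumes the route already requires a logged-in user, so
    # that current_user has an ``admin`` attribute - confirm.
    if not current_user.admin:
        return "Access denied"

    user = User.query.get(account_id)
    if user is None:
        # Unknown id: answer with 404 instead of failing on attribute access.
        return "Account not found", 404

    form = AccountForm(request.form)

    # The choices have to be set before validate(), which checks the submitted
    # department against them.
    departments = Dept.query.all()
    form.departments.choices = [(department.departmentID, department.name)
                                for department in departments]

    if not form.validate():
        return render_template("auth/edit.html", user=user, form=form)

    user.firstName = form.firstname.data
    user.lastName = form.lastname.data
    user.department = form.departments.data
    # Fail closed: only a truthy value grants admin. The previous
    # ``== False`` comparison treated a missing value (None) as "admin".
    user.admin = 1 if form.admin.data else 0

    db.session.commit()
    return redirect(url_for("accounts_index"))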
Ejemplo n.º 14
def account_edit(account_id):
    """Render the admin edit page pre-filled with the selected user's data.

    Returns ``"Access denied"`` when the caller is not an administrator.
    """
    if not current_user.admin:
        return "Access denied"

    # NOTE(review): User.query.get() returns None for an unknown id, which
    # would fail on the attribute reads below - confirm how that should be
    # reported.
    user = User.query.get(account_id)
    departments = Dept.query.all()

    prefill = dict(username=user.userID,
                   firstname=user.firstName,
                   lastname=user.lastName,
                   admin=user.admin,
                   departments=user.department)
    form = AccountForm(**prefill)

    # One (id, label) pair per department for the select field.
    department_choices = []
    for department in departments:
        department_choices.append((department.departmentID, department.name))
    form.departments.choices = department_choices

    return render_template("auth/edit.html", user=user, form=form)
Ejemplo n.º 15
def users_form():
    """Render ``auth/new.html`` with an empty account form."""
    empty_form = AccountForm()
    return render_template("auth/new.html", form=empty_form)
Ejemplo n.º 16
def account_form():
    """Render ``auth/new_user.html`` with an empty account form."""
    empty_form = AccountForm()
    return render_template("auth/new_user.html", form=empty_form)