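def show_current_session(session_id=None):
    """Render one session's entries and flag which ones the viewer may edit.

    Args:
        session_id: Identifier of the session to display. When ``None`` the
            caller is sent to the session overview instead.

    Returns:
        A redirect to ``/session/viewall`` when no session is given, otherwise
        the rendered ``view_session.html`` template.
    """
    if session_id is None:
        return redirect('/session/viewall')

    db = Database()
    session_name = db.get_session_name(session_id)

    # Resolve the viewer once; the original repeated the login check and the
    # administrator lookup for every entry.
    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    viewer_is_admin = logged_in and bool(db.is_user_id_administrator(viewer_id))

    # NOTE(review): no access check guards reading; anonymous visitors get the
    # full entry list. Confirm that sessions are meant to be publicly readable.
    entries = []
    for db_entry in db.get_entries_for_session(session_id):
        owns_entry = logged_in and db_entry['creator_id'] == viewer_id
        entries.append({
            'entry_id': db_entry['entry_id'],
            'value': db_entry['value'],
            'time_created': db_entry['time_created'],
            # Always present as a real boolean. The original left the key
            # unset for a logged-in user who was neither owner nor admin.
            # This is a display hint only: the handlers that change an entry
            # must enforce the same rule themselves.
            'can_update': viewer_is_admin or owns_entry,
        })

    return render_template('view_session.html',
                           session_name=session_name,
                           entries=entries)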
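def view_sessions():
    """Render the overview of all sessions with per-viewer capability flags.

    For a logged-in viewer each session carries ``can_resume`` (always true)
    and ``has_control`` (true for administrators and for the session's
    creator). For an anonymous viewer neither key is set, as before.

    Returns:
        The rendered ``view_sessions.html`` template.
    """
    db = Database()

    # Resolve the viewer once rather than on every loop iteration.
    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    is_admin = logged_in and bool(db.is_user_id_administrator(viewer_id))

    sessions = []
    for db_session in db.get_all_sessions():
        row = {
            'name': db_session['name'],
            'session_id': db_session['session_id'],
            'time_created': db_session['time_created'],
        }
        if logged_in:
            row['can_resume'] = True
            # Display hint only; the handlers that act on a session must
            # re-check ownership or the administrator role themselves.
            row['has_control'] = (is_admin
                                  or viewer_id == db_session['creator_id'])

        # The first element of the result is used as the timestamp.
        last_modified = db.last_modified(db_session['session_id'])[0]
        # Identity comparison with None (was ``!= None``).
        row['last_modified'] = last_modified if last_modified is not None else ''
        sessions.append(row)

    return render_template('view_sessions.html', sessions=sessions)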
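def delete_user(user_id):
    """Delete a user account on behalf of a logged-in administrator.

    Args:
        user_id: Identifier of the account to delete.

    Returns:
        The response produced by ``redirect_to_referrer()``, whether or not
        the deletion was carried out.
    """
    db = Database()
    if is_logged_in() and db.is_user_id_administrator(flask_session['user_id']):
        # NOTE(review): nothing here stops an administrator from deleting
        # their own account. Confirm whether that is intended.
        db.delete_user(user_id)
    else:
        # Previously a refused request was dropped silently. Report it the
        # same way toggle_admin_for_user does.
        flash(
            'You must be logged in as an administrator to perform this operation.',
            'danger')

    # NOTE(review): the route registration is not visible here. A destructive
    # action like this should only be reachable through a non-GET method with
    # CSRF protection. redirect_to_referrer() presumably follows the Referer
    # header; verify that it only redirects to same-origin targets.
    return redirect_to_referrer()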
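def delete_entry(entry_id):
    """Disable an entry if the caller created it or is an administrator.

    Args:
        entry_id: Identifier of the entry to disable.

    Returns:
        A plain-text message when the caller is not logged in or lacks
        permission, otherwise the response of ``redirect_to_referrer()``.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'

    db = Database()
    db_entry = db.get_entry(entry_id)
    current_user_id = get_current_user_id()

    # What get_entry() returns for an unknown id is not visible here. If it is
    # None, answer exactly as for a forbidden entry: this avoids a TypeError
    # (HTTP 500) and does not reveal which entry ids exist.
    if db_entry is None:
        return "Invalid permissions"

    is_owner = db_entry['creator_id'] == current_user_id
    if not is_owner and not db.is_user_id_administrator(current_user_id):
        # NOTE(review): refusals are returned as body text with the default
        # 200 status, so clients have to compare the text to detect them.
        return "Invalid permissions"

    db.disable_entry(entry_id)
    return redirect_to_referrer()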
def view_all_users():
    """Render the user list for administrators.

    Returns:
        The rendered ``view_users.html`` template for a logged-in
        administrator. Anyone else gets a flashed error message and a
        redirect to ``/``.
    """
    db = Database()

    viewer_is_admin = (is_logged_in()
                       and db.is_user_id_administrator(flask_session['user_id']))
    if not viewer_is_admin:
        flash('You must be logged in as an administrator to view this page.',
              'danger')
        return redirect('/')

    # Only the listed fields are passed to the template. The admin flag is
    # looked up once per user and rendered as 1/0.
    users = []
    for record in db.get_all_users():
        admin_flag = 1 if db.is_user_id_administrator(record['user_id']) else 0
        users.append({
            'user_id': record['user_id'],
            'username': record['username'],
            'first_name': record['first_name'],
            'last_name': record['last_name'],
            'admin': admin_flag,
        })

    return render_template('view_users.html', users=users)
def toggle_admin_for_user(user_id):
    """Switch a user between the administrator role and the plain user role.

    Args:
        user_id: Identifier of the account whose role is flipped.

    Returns:
        The response of ``redirect_to_referrer()`` in every case. A caller
        who is not a logged-in administrator also gets a flashed error.
    """
    db = Database()

    caller_is_admin = (is_logged_in()
                       and db.is_user_id_administrator(flask_session['user_id']))
    if not caller_is_admin:
        flash(
            'You must be logged in as an administrator to perform this operation.',
            'danger')
        return redirect_to_referrer()

    # NOTE(review): get_user_by_id() is subscripted without a check; confirm
    # what it returns for an unknown id.
    target = db.get_user_by_id(user_id)
    admin_role_id = db.get_administrator_role_id()

    # NOTE(review): nothing prevents an administrator from demoting their own
    # account, or the last remaining administrator. Confirm that is acceptable.
    if target['role_id'] == admin_role_id:
        new_role_id = db.get_user_role_id()
    else:
        new_role_id = admin_role_id

    db.update_users_role(user_id, new_role_id)
    return redirect_to_referrer()
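def modify_entry(entry_id):
    """Replace an entry's value with the UTF-8 text sent in the request body.

    The caller must be logged in, have a current session set, and be either
    the entry's creator or an administrator.

    Args:
        entry_id: Identifier of the entry to update.

    Returns:
        ``"OK"`` on success; a plain-text message when a precondition or the
        permission check fails; a message with status 400 when the body is
        not valid UTF-8.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    if not is_current_session_set():
        return 'Session_id is not set'

    db = Database()
    db_entry = db.get_entry(entry_id)
    current_user_id = get_current_user_id()

    # What get_entry() returns for an unknown id is not visible here. If it is
    # None, answer exactly as for a forbidden entry: this avoids a TypeError
    # (HTTP 500) and does not reveal which entry ids exist.
    if db_entry is None:
        return "Invalid permissions"

    # NOTE(review): a current session must be set, but the entry is never
    # compared against it. Confirm whether edits should be limited to entries
    # of the active session.
    is_owner = db_entry['creator_id'] == current_user_id
    if not is_owner and not db.is_user_id_administrator(current_user_id):
        return "Invalid permissions"

    # The body is client-controlled and is read only after authorization.
    # Malformed bytes used to raise UnicodeDecodeError and surface as a 500.
    try:
        new_value = request.data.decode('utf-8')
    except UnicodeDecodeError:
        return 'Request body is not valid UTF-8', 400

    # NOTE(review): no length limit is applied here; presumably the request
    # size is capped elsewhere (e.g. MAX_CONTENT_LENGTH). Confirm.
    db.update_entry(entry_id, new_value)

    # TODO: clear entry_option_id
    # TODO: clear category_id??
    # TODO: update user id?? (if admin changed it)
    return "OK"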