def show_current_session(session_id=None):
if session_id is None:
return redirect('/session/viewall')
db = Database()
# get all current entries and load up
session_name = db.get_session_name(session_id)
entries = []
for db_entry in db.get_entries_for_session(session_id):
entry = {
'entry_id': db_entry['entry_id'],
'value': db_entry['value'],
'time_created': db_entry['time_created']
}
if not is_logged_in():
entry['can_update'] = False
else:
if db.is_user_id_administrator(
flask_session['user_id']
) or db_entry['creator_id'] == flask_session['user_id']:
entry['can_update'] = True
entries.append(entry)
return render_template('view_session.html',
session_name=session_name,
entries=entries)
def view_sessions():
db = Database()
is_admin = False
if is_logged_in() and db.is_user_id_administrator(
flask_session['user_id']):
is_admin = True
sessions = []
for db_session in db.get_all_sessions():
session = {
'name': db_session['name'],
'session_id': db_session['session_id'],
'time_created': db_session['time_created']
}
if is_logged_in():
session['can_resume'] = True
if is_admin or flask_session['user_id'] == db_session['creator_id']:
session['has_control'] = True
else:
session['has_control'] = False
last_modified = db.last_modified(db_session['session_id'])[0]
if (last_modified != None):
session['last_modified'] = last_modified
else:
session['last_modified'] = ''
sessions.append(session)
return render_template('view_sessions.html', sessions=sessions)
def delete_user(user_id):
db = Database()
if is_logged_in() and db.is_user_id_administrator(
flask_session['user_id']):
db.delete_user(user_id)
return redirect_to_referrer()
def delete_entry(entry_id):
if not is_logged_in():
return 'User is not logged in; creator_id is not set'
db = Database()
db_entry = db.get_entry(entry_id)
if db_entry['creator_id'] == get_current_user_id(
) or db.is_user_id_administrator(get_current_user_id()):
db.disable_entry(entry_id)
else:
return "Invalid permissions"
return redirect_to_referrer()
def view_all_users():
db = Database()
if is_logged_in() and db.is_user_id_administrator(
flask_session['user_id']):
users = []
for db_user in db.get_all_users():
is_admin = db.is_user_id_administrator(db_user['user_id'])
user = {
'user_id': db_user['user_id'],
'username': db_user['username'],
'first_name': db_user['first_name'],
'last_name': db_user['last_name'],
'admin': 1 if is_admin else 0
}
users.append(user)
return render_template('view_users.html', users=users)
else:
flash('You must be logged in as an administrator to view this page.',
'danger')
return redirect('/')
def toggle_admin_for_user(user_id):
db = Database()
if is_logged_in() and db.is_user_id_administrator(
flask_session['user_id']):
user = db.get_user_by_id(user_id)
role_id = user['role_id']
if role_id == db.get_administrator_role_id():
role_id = db.get_user_role_id()
else:
role_id = db.get_administrator_role_id()
db.update_users_role(user_id, role_id)
return redirect_to_referrer()
else:
flash(
'You must be logged in as an administrator to perform this operation.',
'danger')
return redirect_to_referrer()
def modify_entry(entry_id):
if not is_logged_in():
return 'User is not logged in; creator_id is not set'
if not is_current_session_set():
return 'Session_id is not set'
db = Database()
db_entry = db.get_entry(entry_id)
if db_entry['creator_id'] == get_current_user_id(
) or db.is_user_id_administrator(get_current_user_id()):
new_value = request.data.decode('utf-8')
db.update_entry(entry_id, new_value)
return "OK"
# clear entry_option_id
# clear category_id??
# update user id?? (if admin changed it)
else:
return "Invalid permissions"
