Ejemplo n.º 1
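def create():
    """Create a new partner owned by the current user.

    On POST the submitted form is converted to column values by
    ``post_values``; a non-empty title is required. A valid submission is
    inserted with ``manager_id`` set to the logged in user's id. On GET, or
    when validation fails, the partner form is rendered with default values.

    :return: a redirect to the partner index after a successful insert,
        otherwise the rendered ``partners/update.html`` form
    """
    if request.method == 'POST':
        values = post_values(request.form)
        error = None if values['title'] else 'Не указано название контрагента.'

        if error is None:
            db = database.get_db()
            # The owner is taken from the server-side login state and
            # overwrites any ``manager_id`` that came in with the form.
            # NOTE(review): assumes a login guard has populated g.user; the
            # guard is not visible in this block -- confirm.
            values['manager_id'] = g.user['id']
            # NOTE(review): insert_db_str presumably builds the column list
            # from the keys of ``values``; that is only safe if post_values
            # restricts the keys to known column names -- confirm.
            statement, params = database.insert_db_str('partner', values)
            # The generated statement is no longer printed: the leftover
            # debug print wrote SQL text to stdout on every create.
            db.execute(statement, params)
            db.commit()
            return redirect(url_for('partner.index'))

        flash(error)

    db = database.get_db()
    partner_types = db.execute('SELECT id, title'
                               ' FROM partner_type p'
                               ' ORDER BY title').fetchall()

    return render_template('partners/update.html',
                           form_name='Создать контрагента',
                           partner_types=partner_types,
                           partner=partner_defaults())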
Ejemplo n.º 2
def update(id):
    """Update an existing partner from the submitted form.

    The partner is fetched through ``get_partner`` before anything else, so
    whatever checks that helper performs run on both GET and POST.

    :param id: id of the partner to update
    :return: a redirect to the partner index after a successful update,
        otherwise the rendered ``partners/update.html`` form
    """
    # NOTE(review): get_partner is called without check_manager, so unless
    # the helper enforces ownership by default, any user who can reach this
    # view can edit any partner -- confirm that sharing is intended.
    partner = get_partner(id)

    if request.method == 'POST':
        values = post_values(request.form)
        error = None if values['title'] else 'Не указано название контрагента.'

        if error is None:
            conn = database.get_db()
            # NOTE(review): update_db_str presumably derives the SET clause
            # from the keys of ``values``; the id itself is bound as a
            # parameter below.
            statement, params = database.update_db_str('partner', values)
            conn.execute(statement + ' WHERE id = ?', params + (id, ))
            conn.commit()
            return redirect(url_for('partner.index'))

        flash(error)

    type_rows = database.get_db().execute('SELECT id, title'
                                          ' FROM partner_type p'
                                          ' ORDER BY title').fetchall()

    return render_template('partners/update.html',
                           form_name='Изменить контрагента',
                           partner_types=type_rows,
                           partner=partner)
Ejemplo n.º 3
def create():
    """Create a new deal managed by the current user.

    On POST the title, body and customer id are read from the form; a
    non-empty title is required. The deal is inserted with ``manager_id``
    set to the logged in user's id. On GET, or when validation fails, the
    form is rendered with the list of partners whose type is flagged as
    customer.

    :return: a redirect to the deal index after a successful insert,
        otherwise the rendered ``deals/create.html`` form
    """
    if request.method == 'POST':
        form = request.form
        title = form['title']
        body = form['body']
        # NOTE(review): the submitted customer id is stored as given; nothing
        # here checks that it names a partner of a customer type. A foreign
        # key may cover existence -- confirm against the schema.
        customer_id = form['customer']

        if title:
            conn = database.get_db()
            # All values are bound as parameters; the manager comes from the
            # server-side login state, not from the form.
            conn.execute(
                'INSERT INTO deal (title, body, manager_id, customer_id)'
                ' VALUES (?, ?, ?, ?)',
                (title, body, g.user['id'], customer_id))
            conn.commit()
            return redirect(url_for('deal.index'))

        flash('Не указано название.')

    customer_query = (
        'SELECT p.id AS p_id, p.title AS p_title, partner_type_id, t.customer'
        ' FROM partner p'
        ' JOIN partner_type t ON partner_type_id = t.id'
        ' WHERE t.customer = 1'
        ' ORDER BY p_title')
    customers = database.get_db().execute(customer_query).fetchall()

    # NOTE(review): ``deal`` is not bound anywhere in this function; unless a
    # module-level ``deal`` exists, this line raises NameError -- confirm.
    return render_template('deals/create.html',
                           form_name='Создать заказ',
                           customers=customers,
                           deal=deal)
Ejemplo n.º 4
def register():
    """Register a new user.

    Requires a username and a password, rejects a username that already has
    a row in ``user``, and stores the password only as the output of
    ``generate_password_hash``.

    :return: a redirect to the login page after a successful registration,
        otherwise the rendered ``auth/register.html`` form
    """
    if request.method == 'POST':
        form = request.form
        username, password = form['username'], form['password']
        db = get_db()

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        else:
            # NOTE(review): check-then-insert; two concurrent requests can
            # both pass this lookup. A UNIQUE constraint on user.username
            # (not visible here) would be the backstop -- confirm.
            existing = db.execute('SELECT id FROM user WHERE username = ?',
                                  (username, )).fetchone()
            error = (None if existing is None
                     else 'User {0} is already registered.'.format(username))

        if error is not None:
            flash(error)
        else:
            # The name is free: store the hash, never the plain password,
            # then send the user to the login page.
            db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
                       (username, generate_password_hash(password)))
            db.commit()
            return redirect(url_for('auth.login'))

    return render_template('auth/register.html')
Ejemplo n.º 5
def get_deal(id, check_manager=True):
    """Fetch one deal, joined with its manager's username, by id.

    The query inner-joins ``user`` and ``partner``, so a deal whose manager
    or customer row is missing is reported the same way as a missing deal.

    :param id: id of the deal to get
    :param check_manager: when true, require the current user to be the
        deal's manager
    :return: the deal row with manager information
    :raise 404: if no row is found for the given id
    :raise 403: if ``check_manager`` is set and the current user is not the
        deal's manager
    """
    query = (
        'SELECT d.id, d.title, body, d.created, d.manager_id, customer_id, username'
        ' FROM deal d'
        ' JOIN user u ON d.manager_id = u.id'
        ' JOIN partner c ON d.customer_id = c.id'
        ' WHERE d.id = ?')
    row = database.get_db().execute(query, (id, )).fetchone()

    if row is None:
        abort(404, "Заказ id {0} не найден.".format(id))

    if check_manager:
        # Authorization is decided on the stored manager_id, compared with
        # the logged in user's id.
        # NOTE(review): assumes g.user is populated; an anonymous request
        # would fail on the subscript rather than get a 403 -- confirm the
        # login guard on callers.
        if row['manager_id'] != g.user['id']:
            abort(403)

    return row
Ejemplo n.º 6
def load_logged_in_user():
    """Populate ``g.user`` from the user id kept in the session.

    ``g.user`` is ``None`` when the session carries no ``user_id``;
    otherwise it is the matching row from ``user``, which is also ``None``
    if no row has that id.
    """
    user_id = session.get('user_id')

    # NOTE(review): SELECT * puts every column of the user row on ``g``; if
    # that table holds the password hash, it travels with g.user for the
    # whole request -- confirm nothing renders or logs the full row.
    g.user = (
        None if user_id is None
        else get_db().execute('SELECT * FROM user WHERE id = ?',
                              (user_id, )).fetchone()
    )
Ejemplo n.º 7
def delete(id):
    """Delete a partner by id.

    ``get_partner`` is called first for its checks only; its return value
    is not used.

    :param id: id of the partner to delete
    :return: a redirect to the partner index
    """
    # NOTE(review): get_partner is called without check_manager, so unless
    # the helper enforces ownership by default, any user who can reach this
    # view can delete any partner -- confirm that is intended.
    # NOTE(review): this view changes state; the route registration is not
    # visible here -- confirm it is limited to POST and covered by CSRF
    # protection.
    get_partner(id)
    conn = database.get_db()
    conn.execute('DELETE FROM partner WHERE id = ?', (id, ))
    conn.commit()
    target = url_for('partner.index')
    return redirect(target)
Ejemplo n.º 8
def index():
    """List every deal, newest first, with manager and customer names.

    The query has no WHERE clause, so the listing is not limited to the
    current user's deals.

    :return: the rendered ``deals/index.html`` page
    """
    query = (
        'SELECT d.id, d.title, body, d.created, d.manager_id, customer_id,'
        ' username, c.title AS customer_title'
        ' FROM deal d'
        ' JOIN user u ON d.manager_id = u.id'
        ' JOIN partner c ON d.customer_id = c.id'
        ' ORDER BY d.created DESC')
    rows = database.get_db().execute(query).fetchall()
    return render_template('deals/index.html', deals=rows)
Ejemplo n.º 9
def delete(id):
    """Delete a deal by id.

    ``get_deal`` is called first with its default arguments and its return
    value is discarded; the existence and manager checks this view relies
    on live in that helper.

    :param id: id of the deal to delete
    :return: a redirect to the deal index
    """
    # NOTE(review): this view changes state; the route registration is not
    # visible here -- confirm it is limited to POST and covered by CSRF
    # protection.
    get_deal(id)
    conn = database.get_db()
    conn.execute('DELETE FROM deal WHERE id = ?', (id, ))
    conn.commit()
    target = url_for('deal.index')
    return redirect(target)
Ejemplo n.º 10
def index():
    """List all partners, ordered by title, with their manager's username.

    The inner join on ``partner_type`` means a partner without a matching
    type row is left out of the listing.

    :return: the rendered ``partners/index.html`` page
    """
    db = database.get_db()

    # The column list is spliced into the SQL text rather than bound.
    # NOTE(review): that is safe only while partner_fields() returns fixed,
    # code-defined names and never anything taken from a request -- confirm.
    columns = fields_with_prefix('p', partner_fields())
    query = (
        'SELECT ' + columns +
        ', p.manager_id, p.created, username'
        ' FROM partner p'
        ' JOIN user u ON p.manager_id = u.id'
        ' JOIN partner_type t ON partner_type_id = t.id'
        ' ORDER BY p.title'
    )
    rows = db.execute(query).fetchall()
    return render_template('partners/index.html', partners=rows)
Ejemplo n.º 11
def get_partner(id, check_manager=False):
    """Fetch one partner, joined with its manager's username, by id.

    The row is copied into a plain dict in which a leading ``p_`` is
    stripped from every key.

    :param id: id of the partner to get
    :param check_manager: when true, require the current user to be the
        partner's manager; off by default, so callers must opt in
    :return: a dict with the partner's fields and manager information
    :raise 404: if a partner with the given id doesn't exist
    :raise 403: if ``check_manager`` is set and the current user is not the
        partner's manager
    """
    db = database.get_db()
    # The column list is spliced into the SQL text; only the id is bound.
    # NOTE(review): safe only while partner_fields() returns fixed,
    # code-defined names -- confirm.
    columns = fields_with_prefix('p', partner_fields())
    row = db.execute(
        'SELECT ' + columns +
        ', p.manager_id, p.created, username'
        ' FROM partner p'
        ' JOIN user u ON p.manager_id = u.id'
        ' WHERE p.id = ?',
        (id,)
    ).fetchone()

    if row is None:
        abort(404, "Контрагент id {0} не существует.".format(id))

    # Drop the 'p_' alias prefix so the keys match the bare field names.
    partner = {
        (key[2:] if key.startswith('p_') else key): row[key]
        for key in row.keys()
    }

    if check_manager:
        if partner['manager_id'] != g.user['id']:
            abort(403)

    return partner
Ejemplo n.º 12
def login():
    """Log in a registered user by storing the user id in the session.

    :return: a redirect after a successful login, otherwise the rendered
        ``auth/login.html`` form
    """
    if request.method == 'POST':
        form = request.form
        username, password = form['username'], form['password']
        db = get_db()
        user = db.execute('SELECT * FROM user WHERE username = ?',
                          (username, )).fetchone()

        # NOTE(review): the two messages differ, which tells a caller
        # whether a username exists; the hash check is also skipped for
        # unknown users. Consider one generic message if enumeration matters.
        if user is None:
            error = 'Incorrect username.'
        elif not check_password_hash(user['password'], password):
            error = 'Incorrect password.'
        else:
            error = None

        if error is not None:
            flash(error)
        else:
            # Empty the session before storing the id so nothing set before
            # authentication carries over into the logged in session.
            session.clear()
            session['user_id'] = user['id']
            # NOTE(review): other views on this page redirect to
            # 'deal.index'; confirm 'deals.index' is a registered endpoint.
            return redirect(url_for('deals.index'))

    return render_template('auth/login.html')
Ejemplo n.º 13
def update(id):
    """Update a deal's title and body.

    ``get_deal`` is called with its default arguments on both GET and POST;
    the existence and manager checks this view relies on live in that
    helper.

    :param id: id of the deal to update
    :return: a redirect to the deal index after a successful update,
        otherwise the rendered ``deals/update.html`` form
    """
    deal = get_deal(id)

    if request.method == 'POST':
        form = request.form
        title = form['title']
        body = form['body']

        if title:
            conn = database.get_db()
            # Only title and body are writable here; manager and customer
            # are not touched by this statement.
            conn.execute('UPDATE deal SET title = ?, body = ? WHERE id = ?',
                         (title, body, id))
            conn.commit()
            return redirect(url_for('deal.index'))

        flash('Не указано название.')

    return render_template('deals/update.html',
                           form_name='Обновить заказ',
                           deal=deal)