Ejemplo n.º 1
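def idea_box(id):
    """Render the page of one Idea Box together with all of its ideas.

    Args:
        id: Primary key of the box. It is passed to ``get_idea_box`` for the
            access check and used to filter ``Ideas.box_id``.

    Returns:
        The rendered ``idea_box.html`` template, or the result of
        ``unathorized`` when ``get_idea_box`` yields nothing for the
        current user.
    """
    # Access check: a falsy result means the box is not visible to this user
    # (presumably it belongs to another company -- confirm in get_idea_box).
    idea_box = get_idea_box(id, current_user)
    if not idea_box:
        return unathorized("You cannot to view this Idea Box.", "error")

    # Evaluate the box-admin privilege once; it drives both the is_admin flag
    # and the edit icon in the template.
    can_update_box = is_auth_box(current_user)
    if can_update_box:
        # NOTE(review): this writes to the user object. If is_admin is a
        # mapped column, a later commit on the same session would persist it.
        current_user.is_admin = True

    # A box whose closing date has passed no longer accepts new ideas.
    idea_box.Boxes.is_open = is_open(idea_box.Boxes.close_at)

    ideas = Ideas.query.filter(Ideas.box_id == id).all()

    for idea in ideas:
        colleague = Colleagues.query.get(idea.colleague_id)
        if idea.sign == "incognito":
            # Ideas signed "incognito" get the placeholder avatar, as the
            # main and create_idea views already do, so the author's picture
            # never reaches the template for an anonymous post.
            idea.avatar = "incognito-cut.svg"
        else:
            idea.avatar = get_avatar(colleague)
        # NOTE(review): position is still taken from the real author, even
        # for incognito ideas -- confirm the template does not display it.
        idea.position = colleague.position

    return render_template(
        "idea_box.html",
        update_box=can_update_box,  # to add edit icon to authorized admin
        box=idea_box.Boxes,
        ideas=ideas,
        change_logo=is_auth_company(
            current_user
        ),  # to add click event to change logo for authorized admin
        logo=get_logo(current_user),
        nav=get_nav(current_user))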
Ejemplo n.º 2
def main():
    """Render the landing page listing the Idea Boxes of the user's company.

    Every box row is decorated with an idea counter, the newest idea
    timestamp, up to five poster entries (name plus avatar) and a name passed
    through ``remove_html`` before the rows are handed to ``main.html``.
    """
    company_id = Company.query.get(current_user.company_id).id

    # Boxes joined to their admin and that admin's colleague record, limited
    # to the current user's company.
    rows = (db.session.query(Boxes, Admins, Colleagues)
            .filter(Boxes.admin_id == Admins.id,
                    Colleagues.id == Admins.colleague_id,
                    Colleagues.company_id == company_id)
            .all())

    for row in rows:
        current_box = row.Boxes

        # Timestamp of the newest idea in this box (None when the box is empty).
        latest = (db.session.query(func.max(Ideas.create_at))
                  .filter(Ideas.box_id == current_box.id)
                  .first())

        box_ideas = Ideas.query.filter(Ideas.box_id == current_box.id).all()
        current_box.counter = len(box_ideas)

        # Last five entries of the result list. Incognito posts keep the
        # placeholder avatar, so no colleague lookup happens for them.
        # NOTE(review): the query has no ORDER BY, so "last five" relies on
        # the database's default row order.
        current_box.posters = [
            {
                "name": entry.sign,
                "avatar": ("incognito-cut.svg"
                           if entry.sign == "incognito" else get_avatar(
                               Colleagues.query.get(entry.colleague_id))),
            }
            for entry in box_ideas[-5:]
        ]

        current_box.activity = latest[0]
        # Pass the box name through remove_html before it reaches the template.
        # NOTE(review): this assigns to a model attribute; nothing commits in
        # this view, but confirm the cleaned name is never persisted by accident.
        current_box.name = remove_html(current_box.name)

    return render_template(
        "main.html",
        logo=get_logo(current_user),
        # lets an authorized admin click the logo to change it
        change_logo=is_auth_company(current_user),
        # shows the edit icon to an authorized admin
        update_box=is_auth_box(current_user),
        boxes=rows,
        nav=get_nav(current_user))
Ejemplo n.º 3
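def delete_idea(id):
    """Delete one idea and return to the page of its Idea Box.

    The request is honoured only when the idea exists, ``get_idea_box``
    confirms the box is visible to the current user, the box is still open,
    and the caller is either the idea's author or passes ``is_auth_box``.

    Args:
        id: Primary key of the idea to delete.

    Returns:
        A redirect to the ``idea_box`` view of the idea's box, or the result
        of ``unathorized`` when the request is rejected.
    """
    # NOTE(review): the route decorator is not visible here -- confirm this
    # state-changing view is not reachable via GET and is CSRF-protected.
    current_idea = Ideas.query.get(id)

    # Unknown ids get the same answer as forbidden ones, so the response does
    # not reveal which idea ids exist (and no AttributeError on None).
    if current_idea is None:
        return unathorized("This Idea cannot to delete.", "error")

    # Remember the box id now; it is needed for the redirect after the row
    # has been deleted.
    box_id = current_idea.box_id

    # Tenant check: the box-admin privilege alone says nothing about which
    # company the idea belongs to. Resolve the box through the same
    # per-user lookup the idea_box and create_idea views use, so an admin
    # cannot delete ideas from a box outside their own company.
    idea_box = get_idea_box(box_id, current_user)
    if not idea_box:
        return unathorized("This Idea cannot to delete.", "error")

    is_author = current_idea.colleague_id == current_user.id
    if (not is_author
            and not is_auth_box(current_user)) or not is_open(
                idea_box.Boxes.close_at):
        return unathorized("This Idea cannot to delete.", "error")

    try:
        db.session.delete(current_idea)
        db.session.commit()
        flash("This post successfully deleted from the Idea Box.", "inform")
    except Exception:
        # Roll back so the session stays usable. Catching Exception rather
        # than using a bare except lets SystemExit/KeyboardInterrupt through.
        db.session.rollback()
        flash("Any error occured. Please try again.", "error")

    return redirect(url_for("idea_box", id=box_id))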
Ejemplo n.º 4
def delete_box(id):
    """Delete an Idea Box after a privilege check and a company check.

    Args:
        id: Primary key of the box to delete.

    Returns:
        A redirect to the ``main`` view, or the result of ``unathorized``
        when either check fails.
    """
    # Gate 1: the caller must pass the box-admin privilege check.
    has_box_privilege = is_auth_box(current_user)
    if not has_box_privilege:
        return unathorized("You are not authorized to delete Idea Box.",
                           "error")

    # Gate 2: the box must pass the company check for this user (judging by
    # the rejection message, it must belong to the user's own company).
    same_company = authenticate_company(id, current_user)
    if not same_company:
        return unathorized(
            "This Idea Box belong to another company. You cannot to delete.",
            "error")

    try:
        doomed_box = Boxes.query.get(id)
        db.session.delete(doomed_box)
        db.session.commit()
        flash(f"Your Idea Box successfully deleted.", "inform")
    except:
        # NOTE(review): the bare except also swallows SystemExit and
        # KeyboardInterrupt and hides the real failure; consider narrowing it.
        db.session.rollback()
        flash(f"Any error occured. Please try again.", "error")

    return redirect(url_for("main"))
Ejemplo n.º 5
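def create_idea(box_id, idea_id):
    """Create a new idea in a box, or edit an existing one.

    ``idea_id == 0`` creates a new idea; any other value selects the idea to
    edit. Editing someone else's idea additionally requires ``is_auth_box``.

    Args:
        box_id: Primary key of the box the idea belongs to.
        idea_id: ``0`` for a new idea, otherwise the primary key of the idea
            to edit.

    Returns:
        The rendered ``create_idea.html`` form, a redirect after a submitted
        form was processed, or the result of ``unathorized`` when the request
        is rejected.
    """
    # NOTE(review): route decorators are not visible here; the comparisons
    # below assume both URL parameters arrive as integers.
    idea_box = get_idea_box(box_id, current_user)

    # A falsy idea_box means the box is not visible to this user; a closed
    # box means the URL was edited by hand. Both are rejected.
    if not idea_box or not is_open(idea_box.Boxes.close_at):
        return unathorized("You cannot to edit this Idea.", "error")

    current_idea = Ideas.query.get(idea_id)

    # Edit mode: the idea must exist AND live in the box validated above.
    # Without binding the two URL parameters together, a caller could pair an
    # open, accessible box_id with an idea_id from a closed box or from a box
    # outside their company and still read or edit that idea.
    if idea_id != 0 and (current_idea is None
                         or current_idea.box_id != idea_box.Boxes.id):
        return unathorized("You cannot to edit this Idea.", "error")

    colleague = current_user
    # NOTE(review): is_admin is written on the user object and this view
    # commits the session below; if is_admin is a mapped column, the value
    # would be persisted. Confirm it is a transient attribute.
    current_user.is_admin = False

    if idea_id > 0 and current_idea.colleague_id != current_user.id:
        # The idea belongs to another colleague: only a box admin may go on.
        if not is_auth_box(current_user):
            return unathorized("You don't hane privileg to edit this Idea.",
                               "error")
        else:
            current_user.is_admin = True
            colleague = Colleagues.query.get(current_idea.colleague_id)

    form = CreateIdeaForm()
    # Authors choose between their own names and "incognito". An admin only
    # gets the idea's current sign, so an admin edit cannot change how the
    # idea is signed.
    form.sign.choices = [
        ("incognito", "incognito"),
        (current_user.user_name, current_user.user_name),
        (current_user.first_name, current_user.first_name),
        (current_user.fullname(), current_user.fullname())
    ] if not current_user.is_admin else [(current_idea.sign,
                                          current_idea.sign)]

    if form.validate_on_submit():
        success = ""
        error = ""
        if idea_id == 0:
            # New idea, always owned by the current user.
            idea = Ideas(idea=form.idea.data,
                         sign=form.sign.data,
                         box_id=box_id,
                         colleague_id=current_user.id)

            db.session.add(idea)
            success = "Thank you for sharing your Idea."
            error = "Any error occured when post your Idea. Please try again."

        else:
            # Edit: only touch the fields that actually changed.
            error = "Any error occured when edited your Idea. Please try again."
            if current_idea.idea != form.idea.data:
                current_idea.idea = form.idea.data
                success += "Your idea successfully edited.\n"
            if current_idea.sign != form.sign.data:
                current_idea.sign = form.sign.data
                success += f"Your sign changed to {current_idea.sign}.\n"

        try:
            db.session.commit()
            flash(success, "inform")
            return redirect(url_for("idea_box", id=box_id))
        except Exception:
            # Exception instead of a bare except, so SystemExit and
            # KeyboardInterrupt are not swallowed.
            db.session.rollback()
            flash(error, "error")
            return redirect(
                url_for("create_idea", box_id=box_id, idea_id=idea_id))

    if idea_id > 0:
        # Edit mode: pre-fill the form with the stored idea.
        if not current_user.is_admin:
            form.submit.label.text = "Edit my Idea"
        elif current_idea.sign == "incognito":
            # Keep the author's first name out of the button label when the
            # idea was posted anonymously.
            form.submit.label.text = "Edit this Idea"
        else:
            form.submit.label.text = f"Edit {colleague.first_name}'s Idea"
        form.idea.data = current_idea.idea
        form.sign.data = current_idea.sign
    else:
        form.sign.data = current_user.first_name  # set first name by default checked

    # NOTE(review): in an admin edit, `colleague` is the idea's real author
    # and is passed to the template even for incognito ideas -- confirm the
    # template does not render it in that case.
    return render_template(
        "create_idea.html",
        update_box=is_auth_box(
            current_user),  # to add edit icon to authorized admin
        box=idea_box.Boxes,
        avatar="incognito-cut.svg"
        if form.sign.data == "incognito" else get_avatar(colleague),
        form=form,
        colleague=colleague,
        change_logo=is_auth_company(
            current_user
        ),  # to add click event to change logo for authorized admin
        logo=get_logo(current_user),
        nav=get_nav(current_user))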
Ejemplo n.º 6
def create_box(id):
    """Create a new Idea Box, or update an existing one.

    ``id == 0`` creates a box; a positive ``id`` edits that box after the
    company check has passed.

    Args:
        id: ``0`` for a new box, otherwise the primary key of the box to edit.

    Returns:
        The rendered ``create_box.html`` form, a redirect after a submitted
        form was processed, or the result of ``unathorized`` when a check
        fails.
    """
    # Gate 1: creating and editing both require the box-admin privilege.
    if not is_auth_box(current_user):
        return unathorized("You are not authorized to create Idea Box.",
                           "error")

    # Gate 2: an existing box must also pass the company check for this user.
    editing = id > 0
    if editing and not authenticate_company(id, current_user):
        return unathorized("You are not authorized to update Idea Box.",
                           "error")

    current_box = Boxes.query.get(id)
    form = CreateBoxForm()

    if form.validate_on_submit():
        submitted_name = form.name.data
        submitted_description = form.description.data
        submitted_close_at = form.close_at.data

        if id == 0:
            # Queue a brand-new box owned by the current admin.
            db.session.add(
                Boxes(name=submitted_name,
                      description=submitted_description,
                      close_at=submitted_close_at,
                      admin_id=get_admin_id(current_user)))
            failure_msg = "Any error occured when created new Idea Box. Please try again."
            success_msg = "New Idea Box successfully created."
        else:
            # Update only the fields that differ and collect one notice each.
            notices = []
            if submitted_name != current_box.name:
                current_box.name = submitted_name
                notices.append("Title updated.\n")
            if submitted_description != current_box.description:
                current_box.description = submitted_description
                notices.append("Description updated.\n")
            # The form yields a date object; it is formatted as YYYY-MM-DD
            # before being compared with the stored close_at value.
            if submitted_close_at.strftime(
                    "%Y-%m-%d") != current_box.close_at:
                current_box.close_at = submitted_close_at
                notices.append("Closing date updated.\n")
            success_msg = "".join(notices)
            failure_msg = "Any error occured when updated Idea Box. Please try again."

        try:
            db.session.commit()
            flash(success_msg, "inform")
        except:
            # NOTE(review): the bare except also swallows SystemExit and
            # KeyboardInterrupt and hides the real failure; consider narrowing it.
            db.session.rollback()
            flash(failure_msg, "error")
            return redirect(url_for("create_box", id=id))

        return redirect(url_for("main"))

    if editing:
        # Edit mode: pre-fill the form from the stored box.
        form.submit.label.text = "Edit Box"
        form.name.data = current_box.name
        form.description.data = current_box.description
        form.close_at.data = str_to_date(current_box.close_at)

    return render_template(
        "create_box.html",
        form=form,
        id=id,
        logo=get_logo(current_user),
        # lets an authorized admin click the logo to change it
        change_logo=is_auth_company(current_user),
        nav=get_nav(current_user))