def admin_post_mod(post_id):
    """Render the post-edit form for ``post_id``.

    Sessions with ``user_level`` <= 2 may load any post. Every other
    session can only load a post whose ``idusers`` equals its own
    ``user_id``. Ownership is enforced by the SQL filter, so a non-owner
    gets an empty result rather than an explicit refusal.
    """
    # NOTE(review): the print() calls in this view look like leftover debug
    # output; the last one writes the whole post row to stdout.
    print(f"post_id:{post_id}")

    # Site-wide options, menu and default admin page tags for the template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    print(f"user_id {session['user_id']}")
    print(f"user_level {session['user_level']}")

    params = {"idpost": post_id}
    if session['user_level'] <= 2:
        # Levels 1 and 2: no ownership restriction.
        sql = "SELECT * FROM post WHERE idpost = :idpost"
    else:
        # Everyone else: the post must belong to the logged-in user.
        sql = "SELECT * FROM post WHERE idpost = :idpost AND idusers = :id"
        params["id"] = session['user_id']
    post = db.execute(sql, **params)
    print(f"loaded post: {post}")

    # NOTE(review): when no row matches (unknown id, or a post owned by
    # someone else) the result is passed to the template as-is; confirm the
    # template and the save handler cope with an empty result.
    return render_template(
        "admin-post-modify.html",
        opt=opt,
        menu=menu,
        page=this_page,
        post=post,
    )
def admin_profile():
    """Render the profile page of the logged-in user.

    The row is selected by ``session["user_id"]`` only, so a user can only
    ever see their own record through this view. If the row is missing, an
    apology with status 500 is returned.
    """
    # Site-wide options, menu and default admin page tags for the template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    matches = db.execute("SELECT * FROM users WHERE id = :id", id=session["user_id"])
    if len(matches) > 0:
        return render_template(
            "admin-profile.html",
            profile=matches[0],
            opt=opt,
            menu=menu,
            page=this_page,
        )
    # A logged-in session without a matching users row is treated as a
    # server-side inconsistency.
    return apology("I can't find your user profile in database", 500)
def admin_users():
    """Render the list of all user accounts joined with their level rows.

    Rows are ordered by level, then by e-mail address.
    """
    # NOTE(review): unlike admin_pages, this view has no user-level check in
    # its body. Confirm whether every logged-in level is meant to list all
    # accounts, or whether a check is applied elsewhere (e.g. a decorator).
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # Every users column plus every users_level column reaches the template.
    # NOTE(review): if the users table holds a credential column, confirm the
    # template never renders it.
    query = (
        "SELECT users.*, users_level.* FROM users, users_level "
        "WHERE users.idusers_level = users_level.idusers_level "
        "ORDER BY users.idusers_level ASC, users.email ASC"
    )
    rows = db.execute(query)
    return render_template(
        "admin-users.html",
        opt=opt,
        menu=menu,
        page=this_page,
        rows=rows,
    )
def admin_pages():
    """Render the list of site pages (level-1 users only).

    Any session whose ``user_level`` is not 1 is redirected to
    ``/admin/home`` before anything is loaded.
    """
    # SECURITY USER LEVEL CHECK: runs first, so nothing is queried for
    # sessions below the required level.
    is_level_one = session["user_level"] == 1
    if not is_level_one:
        return redirect("/admin/home")

    # Site-wide options, menu and default admin page tags for the template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # All pages: locked first, then menu items, then visible ones.
    query = "SELECT * FROM pages ORDER BY locked DESC, menu_item DESC, is_visible DESC"
    rows = db.execute(query)
    return render_template(
        "admin-pages.html",
        opt=opt,
        menu=menu,
        page=this_page,
        rows=rows,
    )
def admin_drafts():
    """Render the 20 most recent draft posts (``is_visible = 0``).

    Sessions with ``user_level`` < 3 see drafts from every author. All other
    sessions only see drafts whose ``idusers`` equals their own ``user_id``.
    """
    # Site-wide options, menu and default admin page tags for the template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    params = {}
    if session['user_level'] < 3:
        # Levels 1 and 2: drafts of all authors.
        sql = (
            "SELECT post.*, users.name FROM post, users "
            "WHERE post.idusers = users.id AND post.is_visible=0 "
            "ORDER BY post.date DESC LIMIT 20"
        )
    else:
        # Everyone else: the owner filter keeps other authors' drafts out.
        sql = (
            "SELECT post.*, users.name FROM post, users "
            "WHERE post.idusers = users.id AND post.is_visible=0 "
            "AND post.idusers=:id_linked_user "
            "ORDER BY post.date DESC LIMIT 20"
        )
        params["id_linked_user"] = session['user_id']
    rows = db.execute(sql, **params)

    return render_template(
        "admin-drafts.html",
        opt=opt,
        menu=menu,
        page=this_page,
        rows=rows,
    )
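def admin_users_detail(id):
    """Render the detail/edit form for the user account ``id``.

    Returns an apology with status 404 when no such user exists. Otherwise
    the template receives the user row and the full list of user levels.

    The parameter name shadows the builtin ``id``. It is kept because callers
    may pass it by keyword.
    """
    # NOTE(review): there is no user-level check in this body, and the row is
    # selected by the caller-supplied id alone. Confirm whether every
    # logged-in level may open any account's detail page, or whether access
    # is restricted elsewhere (e.g. a decorator).
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    sql = "SELECT * FROM users WHERE id = :id "
    content = db.execute(sql, id=id)
    if len(content) == 0:
        # An unknown id is a not-found condition, not a server error, so this
        # reports 404 rather than 500.
        return apology("User not found", 404)

    # All selectable levels, lowest idusers_level first.
    user_level = db.execute(
        "SELECT * FROM users_level ORDER BY idusers_level ASC")

    # NOTE(review): SELECT * passes every users column to the template; if
    # the table holds a credential column, confirm the template never
    # renders it.
    return render_template(
        "admin-users-detail.html",
        profile=content[0],
        user_level=user_level,
        opt=opt,
        menu=menu,
        page=this_page,
    )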
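def admin_page_mod(page_id):
    """Render the page-edit form for ``page_id`` (level-1 users only).

    Any session whose ``user_level`` is not 1 is redirected to
    ``/admin/home`` before anything is loaded.
    """
    # SECURITY USER LEVEL CHECK
    if session["user_level"] != 1:
        return redirect("/admin/home")

    # Site-wide options, menu and default admin page tags for the template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # The guard above guarantees user_level == 1 from here on. The former
    # else-branch (an apology with status 301, a redirect code) could never
    # run, so it was removed; the redirect above is the only refusal path.
    sql = "SELECT * FROM pages WHERE idpages = :idpages"
    post = db.execute(sql, idpages=page_id)

    # NOTE(review): an unknown page_id yields an empty result that is still
    # handed to the template; confirm the template copes with it.
    return render_template(
        "admin-page-modify.html",
        opt=opt,
        menu=menu,
        page=this_page,
        post=post,
    )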