Ejemplo n.º 1
0
def login():
    """Login screen"""
    if request.method == 'POST':
        db_conn = conn_sql()
        db_cur = db_conn.cursor()
        username = request.form['username']
        password = request.form['password']
        error = None
        db_cur.execute(
            'SELECT username,password FROM tb_user WHERE username = %s',
            (username, ))
        user = db_cur.fetchone()
        db_cur.close()

        if user is None:
            error = 'Incorrect username.'
        elif not check_password_hash(user[1], password):
            error = 'Incorrect password.'

        if error is None:
            session.clear()
            session['user_id'] = user[0]
            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')
Ejemplo n.º 2
0
def register():
    """Check and register new users"""
    if request.method == 'POST':
        db_conn = conn_sql()
        db_cur = db_conn.cursor()
        username = request.form['username']
        password = request.form['password']
        error = None

        if not username:
            error = 'Username is required'
        elif not password:
            error = 'Password is required'
        else:
            db_cur.execute('SELECT id FROM tb_user WHERE username = %s',
                           (username, ))
            user_id = db_cur.fetchone()
            if user_id is not None:
                error = 'User {} is already registered'.format(username)
        if error is None:
            db_cur.execute(
                'INSERT INTO tb_user (username, password) VALUES (%s, %s)',
                (username, generate_password_hash(password)))
            db_conn.commit()
            db_cur.close()
            return redirect(url_for('auth.login'))
        db_cur.close()
        flash(error)

    return render_template('auth/register.html')
Ejemplo n.º 3
0
def delete(bottle_id):
    """Remove bottle from inventory"""
    get_bottle(bottle_id)
    db_conn = conn_sql()
    db_cur = db_conn.cursor()
    db_cur.execute('DELETE FROM tb_whisky WHERE id = %s', (bottle_id, ))
    db_conn.commit()
    db_cur.close()
    return redirect(url_for('listing.index'))
Ejemplo n.º 4
0
def get_dist_id(distillery):
    """Get distillery ID"""
    dist_code = None
    db_conn = conn_sql()
    db_cur = db_conn.cursor()
    db_cur.execute('SELECT id FROM tb_distillery WHERE name = %s',
                   (distillery, ))
    dist_rec = db_cur.fetchone()
    if dist_rec:
        dist_code = dist_rec[0]
    db_cur.close()
    return dist_code
Ejemplo n.º 5
0
def load_logged_in_user():
    """Add user to session"""
    user_id = session.get('user_id')

    if user_id is None:
        g.user = None
    else:
        db_conn = conn_sql()
        db_cur = db_conn.cursor()
        db_cur.execute('SELECT * FROM tb_user WHERE username = %s',
                       (user_id, ))
        g.user = db_cur.fetchone()
        db_cur.close()
Ejemplo n.º 6
0
def index():
    """Main Index Page, lists all available bottles"""
    db_conn = conn_sql()
    db_cur = db_conn.cursor()
    db_cur.execute("""SELECT w.id, u.username,
            w.name, d.name AS distillery,
            d.region, d.country, w.age, w.abv,
            w.notes
            FROM tb_whisky w
            JOIN tb_distillery d ON w.distillery = d.id
            JOIN tb_user u ON u.id = w.owner""")
    bottles = db_cur.fetchall()
    db_cur.close()
    return render_template('listing/index.html', bottles=bottles)
Ejemplo n.º 7
0
def update(bottle_id):
    """Update a bottle in inventory"""
    error = None
    bottle = get_bottle(bottle_id)

    if request.method == 'POST':
        name = request.form['name']
        distillery = request.form['distillery']
        age = request.form['age']
        abv = request.form['abv']
        notes = request.form['notes']

        dist_code = get_dist_id(distillery)

        if not name:
            error = 'Bottle Name required'
        elif not dist_code:
            error = 'Distillery is blank or not found'
        elif not age:
            error = 'Age Statement required'
        elif not abv:
            error = 'Alcohol By Volume required'
        else:
            db_conn = conn_sql()
            db_cur = db_conn.cursor()
            # Do insert
            db_cur.execute(
                """UPDATE tb_whisky
                   SET name = %s,
                   distillery = %s,
                   age = %s,
                   abv = %s,
                   notes = %s
                   WHERE id = %s
                """, (
                    name,
                    dist_code,
                    age,
                    abv,
                    notes,
                    bottle_id,
                ))
            db_conn.commit()
            db_cur.close()
            return redirect(url_for('listing.index'))

        flash(error)

    return render_template('listing/update.html', bottle=bottle)
Ejemplo n.º 8
0
def create():
    """Add bottle to inventory"""
    if request.method == 'POST':
        error = None
        name = request.form['name']
        distillery = request.form['distillery']
        age = request.form['age']
        abv = request.form['abv']
        notes = request.form['notes']

        dist_code = get_dist_id(distillery)

        if not name:
            error = 'Bottle Name required'
        elif not dist_code:
            error = 'Distillery is blank or not found'
        elif not age:
            error = 'Age Statement required'
        elif not abv:
            error = 'Alcohol By Volume required'
        else:
            db_conn = conn_sql()
            db_cur = db_conn.cursor()

            # Do insert
            db_cur.execute(
                """INSERT INTO public.tb_whisky (name, distillery, age, abv, owner, notes)
                VALUES (%s, %s, %s, %s, %s, %s)""", (
                    name,
                    dist_code,
                    age,
                    abv,
                    g.user[0],
                    notes,
                ))
            db_conn.commit()
            db_cur.close()
            return redirect(url_for('listing.index'))

        flash(error)

    return render_template('listing/create.html')
Ejemplo n.º 9
0
def get_bottle(bottle_id, check_owner=True):
    """Get bottle by ID"""
    db_conn = conn_sql()
    db_cur = db_conn.cursor()
    db_cur.execute(
        """SELECT w.id, u.username,
            w.name, d.name AS distillery,
            d.region, d.country, w.age, w.abv,
            w.notes
            FROM tb_whisky w
            JOIN tb_distillery d ON w.distillery = d.id
            JOIN tb_user u ON u.id = w.owner
            WHERE w.id = %s""", (bottle_id, ))
    bottle = db_cur.fetchone()
    db_cur.close()

    if bottle is None:
        abort(404, "Bottle ID {0} does not exist,".format(bottle_id))

    if check_owner and bottle[1] != g.user[1]:
        abort(403)

    return bottle