def load_logged_in_user():
    """Resolve the session's ``uid`` into ``g.user`` and refresh ``g.projects``.

    ``g.user`` becomes the matching ``user`` row, or ``None`` when the session
    carries no ``uid`` or the id no longer matches a row (e.g. a deleted
    account).  ``load_projects`` is then run so menu data stays in sync.
    """
    uid = session.get('uid')
    g.user = None
    if uid is not None:
        # the id comes from the signed session cookie and is bound as a parameter
        g.user = get_db().execute(
            "SELECT * FROM user WHERE id = ?;", (uid, )
        ).fetchone()
    load_projects()
def get_projects(include_private=False):
    """Return every ``project`` row owned by the current user (``g.user``).

    Projects whose name starts with ``.`` are treated as private and left out
    unless ``include_private`` is true.  The owner id is a bound parameter
    and the name pattern is a fixed literal, so no request data reaches the
    SQL text.  Requires ``g.user`` to be set.
    """
    query = "SELECT * FROM project WHERE user_fk = ?"
    if not include_private:
        # '.'-prefixed names are the private ones; the pattern is constant
        query = query + " AND name NOT LIKE '.%'"
    return get_db().execute(query, (g.user['id'], )).fetchall()
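def view_projects():
    """Render the project overview for the current user.

    Only the caller's own projects are listed (``user_fk`` bound to
    ``g.user['id']``) and '.'-prefixed private projects are hidden.  The
    unused ``error`` local of the original is dropped.  Requires ``g.user``
    to be set.
    """
    # owner id is a bound parameter; the private-name filter is a literal
    projects = get_db().execute(
        "SELECT * FROM project WHERE user_fk = ? AND name NOT LIKE '.%'",
        (g.user['id'], )
    ).fetchall()
    return render_template('project/projects.html', projects=projects)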
def load_projects():
    """Populate ``g.projects`` for the menu from the user in ``g.user``.

    ``None`` when nobody is logged in; otherwise the user's non-private
    (name not starting with ``.``) project rows.
    """
    if not g.user:
        g.projects = None
        return
    g.projects = get_db().execute(
        "SELECT * FROM project WHERE user_fk = ? AND name NOT LIKE '.%';",
        (g.user['id'], )
    ).fetchall()
def get_item(id):
    """Fetch one ``item`` row by primary key, enforcing ownership.

    Aborts 404 when no row has that id and 403 when the row belongs to a
    user other than ``g.user``.  NOTE(review): the distinct 403 response
    tells a caller that a foreign id exists; answer 404 in both cases if
    id enumeration is a concern.  Requires ``g.user`` to be set.
    """
    row = get_db().execute("SELECT * FROM item WHERE id = ?;", (id, )).fetchone()
    if row is None:
        abort(404, f"Could not find item with id {id}")
    # item ids are global, so ownership must be checked on the owner column
    if row['user_fk'] != g.user['id']:
        abort(403, "You can only edit and view items that you own")
    return row
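def get_project_byname(name):
    """Fetch the current user's ``project`` row called ``name``.

    Project names are only unique per user (``is_unique_name`` scopes its
    check by ``user_fk``), so the lookup is bound to ``g.user['id']``.  The
    previous query matched on name alone: with two users owning a project
    of the same name it could return the other user's row and then fail the
    ownership check with 403 although the caller owns such a project, and
    the 403 also revealed that the name exists for someone else.  A name the
    caller does not own now simply yields 404.

    :param name: <str> project name
    :returns: <sqlite3.Row> project
    """
    project = get_db().execute(
        "SELECT * FROM project WHERE name = ? AND user_fk = ?;",
        (name, g.user['id'])
    ).fetchone()
    if project is None:
        abort(404, f"Could not find project with name {name}")
    # defence in depth: the query already binds the owner, keep the explicit check
    if project['user_fk'] != g.user['id']:
        abort(403, "You can only edit projects that you own")
    return project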
def get_items(project_id):
    """
    Return the current user's ``item`` rows attached to ``project_id``.

    The owner id is bound together with the project id, so a guessed
    ``project_id`` belonging to someone else yields no rows.

    :param project_id: <int> id of project
    :return: <list> list of items
    """
    owner_id = g.user['id']
    return get_db().execute(
        "SELECT * FROM item WHERE project_fk = ? AND user_fk = ?;",
        (project_id, owner_id)
    ).fetchall()
def delete():
    """Delete the logged-in user's account and all of their data.

    GET renders the confirmation page.  POST removes the user's directory,
    then their projects, items and user row in one transaction, and
    redirects to the index.

    NOTE(review): the directory is removed before the DB deletes commit, so
    a failing delete leaves an account without its files; deleting files
    after a successful commit is the safer order.  NOTE(review):
    ``session['uid']`` is not cleared here — the next request resolves it to
    no row (``load_logged_in_user`` sets ``g.user = None``), but an explicit
    ``session.clear()`` after the commit would be cleaner.  No CSRF token
    handling is visible in this block; confirm the form is protected.
    """
    if request.method != 'POST':
        return render_template('user/delete.html')
    delete_user_dir()
    db = get_db()
    owner = (g.user['id'], )
    # all three tables are keyed on the user; the id is a bound parameter
    for stmt in (
        "DELETE FROM project WHERE user_fk = ?;",
        "DELETE FROM item WHERE user_fk = ?;",
        "DELETE FROM user WHERE id = ?;",
    ):
        db.execute(stmt, owner)
    db.commit()
    flash("User and all user data deleted successfully")
    return redirect(url_for('index'))
def get_item(id):
    """
    Get one item by id, refusing rows owned by another user.

    :param id: <int> id of item to get
    :return: <sqlite3.Row> item
    :raises: 404 via ``abort`` when no such item, 403 when it belongs to
             someone other than ``g.user``.  NOTE(review): the distinct 403
             discloses that the id exists; use 404 for both if enumeration
             is a concern.
    """
    db = get_db()
    found = db.execute("SELECT * FROM item WHERE id = ?;", (id, )).fetchone()
    if found is None:
        abort(404, f"Could not find item with id {id}")
    if found['user_fk'] == g.user['id']:
        return found
    abort(403, "You can only edit and view items that you own")
def is_unique_name(name):
    """
    Check if a project name is unique.

    Uniqueness is per user: the owner id is bound together with the name,
    so another user's project of the same name does not count.

    :param name: <str> name to check
    :return: <bool> True or False
    """
    existing = get_db().execute(
        "SELECT * FROM project WHERE name = ? AND user_fk = ?;",
        (name, g.user['id'])
    ).fetchone()
    return existing is None
def get_project(id):
    """
    Load a single project by id, enforcing ownership.

    :param id: <int> id of project to load
    :returns: <sqlite3.Row> project
    :raises: 404 (``abort``) when no row matches, 403 when the row's
             ``user_fk`` is not ``g.user['id']``.  NOTE(review): the 403/404
             split reveals whether a foreign id exists.
    """
    db = get_db()
    row = db.execute("SELECT * FROM project WHERE id = ?;", (id, )).fetchone()
    if row is None:
        abort(404, f"Could not find project with id {id}")
    if row['user_fk'] == g.user['id']:
        return row
    abort(403, "You can only edit projects that you own")
def login():
    """Authenticate by email + password and start a fresh session.

    On success the session is cleared before ``uid`` is stored, which
    defeats session fixation.  One generic message covers both unknown
    email and wrong password.  NOTE(review): ``check_password_hash`` only
    runs when the email exists, so response time differs between the two
    failures; running the hash check against a dummy hash when ``user`` is
    ``None`` would close that timing oracle.  No rate limiting is visible
    in this block.
    """
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']
        # parameterised lookup: the email never touches the SQL text
        user = get_db().execute(
            "SELECT * FROM user WHERE email = ?", (email, )
        ).fetchone()
        ok = user is not None and check_password_hash(user['password'], password)
        if ok:
            session.clear()
            session['uid'] = user['id']
            return redirect(url_for('index'))
        flash("Email unknown or password incorrect")
    return render_template('auth/login.html')
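def delete_item(item):
    """
    Delete an item, removing its locally stored copy (image/pdf) first.

    A copy that is already gone from disk no longer blocks the delete: the
    original ``unlink()`` raised FileNotFoundError in that case, so the DB
    row could never be removed.  Other OS errors still propagate.

    NOTE(review): ``local_path`` is joined onto ``current_app.root_path`` by
    plain string concatenation with no containment check.  It is written by
    the app's own download/upload helpers, but should those ever store a
    user-influenced path this would unlink outside the app tree.

    :param item: <sqlite.Row> item
    :return: <int> item id
    """
    iid = item['id']
    if item['local_path']:
        stored_copy = Path(current_app.root_path + item['local_path'])
        try:
            stored_copy.unlink()
        except FileNotFoundError:
            # nothing left on disk; still drop the DB row
            pass
    db = get_db()
    db.execute("DELETE FROM item WHERE id = ?;", (iid, ))
    db.commit()
    return iid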
def delete(id):
    """Delete a project (and optionally its items) after confirmation.

    ``get_project`` already aborts with 403 for a foreign project, so the
    ownership comparison below is defence in depth; its failure branch is
    only reachable if that helper changes.  When the ``delete-items`` form
    field is present the items go through ``delete_item`` so their stored
    files are removed as well.
    """
    project = get_project(id)
    if request.method == 'POST':
        db = get_db()
        if g.user['id'] != project['user_fk']:
            flash("You cannot delete a project that is not yours")
        else:
            if request.form.get('delete-items'):
                for item in get_items(id):
                    delete_item(item)
            db.execute("DELETE FROM project WHERE id = ?;", (project['id'], ))
            flash(f"Deleted project {project['id']}")
            db.commit()
            return redirect(url_for('project.view_projects'))
    return render_template('project/delete.html', project=project)
def edit(id):
    """Rename / re-describe a project the current user owns.

    ``get_project`` enforces ownership.  The name must be non-empty and,
    unless unchanged, unique among the caller's projects
    (``is_unique_name``).  All values are bound as parameters in the UPDATE.
    """
    project = get_project(id)
    if request.method == 'POST':
        db = get_db()
        name = request.form['name']
        description = request.form['description']
        error = None
        if not name:
            error = "You must name your project"
        elif not is_unique_name(name) and name != project['name']:
            error = f"You already have another project with this name: {name}"
        if error is not None:
            flash(error)
        else:
            db.execute(
                "UPDATE project SET name = ?, description = ? WHERE id = ?;",
                (name, description, project['id'])
            )
            db.commit()
            return redirect(url_for('project.view', id=project['id']))
    return render_template('project/edit.html', project=project)
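def edit(id):
    """Edit an item the current user owns.

    Two defects of the POST branch are fixed: the ``project`` form value was
    stored as ``project_fk`` without checking that it is one of the caller's
    own projects (an item could be attached to another user's project), and
    a validation error was computed but never ``flash``ed.  ``get_item``
    enforces ownership of the item itself; ``projects`` holds the caller's
    own rows (private ones included) and doubles as the allow-list.
    """
    item = get_item(id)
    projects = get_projects(include_private=True)
    if request.method == 'POST':
        error = None
        link = request.form['link']
        body = request.form['body']
        tags = request.form['tags']
        project = request.form['project']
        # the form submits the project id as text; only the caller's ids are valid targets
        owned_ids = {str(p['id']) for p in projects}
        if not link:
            error = "You must enter a title or a link"
        elif project not in owned_ids:
            error = "You can only move items into your own projects"
        if error is None:
            db = get_db()
            db.execute(
                "UPDATE item SET project_fk = ?, tags = ?, body = ?, link = ? WHERE id = ?;",
                (project, tags, body, link, id)
            )
            db.commit()
            return redirect(url_for('item.view', id=id))
        flash(error)
    return render_template('item/edit.html', item=item, projects=projects)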
def new():
    """Create a project for the current user.

    The name is required and must be unique among the caller's projects;
    the owner is taken from ``g.user``, never from the form.
    ``load_projects`` is re-run so the menu shows the new entry at once.
    """
    if request.method != 'POST':
        return render_template('project/new.html')
    db = get_db()
    name = request.form['name']
    description = request.form['description']
    if not name:
        error = "You need to give your project a name"
    elif not is_unique_name(name):
        error = f"You already have a project with this name: {name}"
    else:
        error = None
    if error is not None:
        flash(error)
        return render_template('project/new.html')
    db.execute(
        "INSERT INTO project (name, description, user_fk) VALUES (?, ?, ?);",
        (name, description, g.user['id'])
    )
    db.commit()
    load_projects()
    return redirect(url_for('project.view_projects'))
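def new():
    """Create an item from a link, pasted text, or an uploaded file.

    Changes from the original:
    * ``file.content_type`` was read before checking that a file was
      actually uploaded, so a multipart POST without a file field crashed
      with AttributeError; the content type is now read only when a file
      exists.
    * the ``project`` form value is checked against the caller's own project
      ids before being stored as ``project_fk``; previously any id could be
      submitted, attaching the item to another user's project.
    * an error returned by ``save_uploaded_file`` is no longer overwritten
      by the "must enter a link" message.

    NOTE(review): ``interpret_kind``/``download_file`` fetch a user-supplied
    URL server-side — an SSRF vector unless those helpers restrict schemes
    and destinations; not visible here.  ``kind`` for uploads is derived from
    the client-declared ``content_type``, not from the file's bytes.
    """
    projects = get_projects(include_private=True)
    if not projects:
        flash("Please createa a project first")
        return redirect(url_for('project.new'))
    if request.method == 'POST':
        error = None
        link = request.form['link']
        body = request.form['body']
        tags = request.form['tags']
        project = request.form['project']
        local_path = None
        kind = 'text'
        if link:
            kind, res = interpret_kind(link)
            if kind in ('img', 'pdf'):
                local_path = download_file(link, res)
        file = request.files.get('file', None)
        if file and file.filename != '':
            local_path, error = save_uploaded_file(file)
            if local_path:
                link = local_path
                # client-supplied content type decides only how the item is shown
                filetype = file.content_type
                displayable = current_app.config['DISPLAYABLE_IMG']
                kind = 'img' if any(ft in filetype for ft in displayable) else 'link'
        if not link:
            error = "You must enter a title or a link or upload a file"
        elif error is None and project not in {str(p['id']) for p in projects}:
            # project_fk must be one of the caller's own projects
            error = "You can only add items to your own projects"
        if error is None:
            db = get_db()
            cur = db.execute(
                "INSERT INTO item ('kind', 'project_fk', 'user_fk', 'link', 'local_path', 'body', 'tags') VALUES (?, ?, ?, ?, ?, ?, ?);",
                (kind, project, g.user['id'], link, local_path, body, tags)
            )
            db.commit()
            item_id = cur.lastrowid
            return redirect(url_for('item.view', id=item_id))
        flash(error)
    return render_template("item/new.html", projects=projects)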
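def register():
    """Create a new account.

    Checks the required fields and that email / displayname are not already
    taken, creates the user's directory and inserts the row with a hashed
    password (``generate_password_hash``).

    Change: the success message no longer echoes the server-side directory
    path (``user_dir``) to the browser — that is internal filesystem layout
    and of no use to the user.

    NOTE(review): ``displayname`` flows into ``create_userdir`` as a path
    component; confirm that helper sanitises it (no separators, no ``..``).
    NOTE(review): the uniqueness SELECTs and the INSERT are not atomic; a
    concurrent duplicate registration is only caught if the table carries
    UNIQUE constraints.  ``picture`` is stored as ``img_link`` unvalidated —
    check the template restricts it to http(s) URLs before rendering.  No
    password strength rule beyond non-empty is applied.
    """
    if request.method == 'POST':
        db = get_db()
        error = None
        displayname = request.form['displayname']
        password = request.form['password']
        email = request.form['email']
        picture = request.form['picture']
        description = request.form['description']
        # Checked one by one; the last failing check wins (the frontend does
        # proper form validation).
        if not displayname:
            error = "Username is required"
        if not password:
            error = "Password is required"
        if not email:
            error = "E-Mail is required"
        if db.execute("SELECT * FROM user WHERE email = ?;", (email, )).fetchone() is not None:
            error = "You have already registered an account with this email address"
        if db.execute("SELECT * FROM user WHERE displayname = ?;", (displayname, )).fetchone() is not None:
            error = "This username is not available"
        if error is None:
            user_dir = create_userdir(displayname)
            db.execute(
                """INSERT INTO user (displayname, password, email, img_link, description, user_dir)
                VALUES (?, ?, ?, ?, ?, ?)
                """,
                (displayname, generate_password_hash(password), email, picture, description, str(user_dir))
            )
            db.commit()
            # do not disclose the server-side path in the success message
            flash("Account created, you can log in now")
            return redirect(url_for('auth.login'))
        flash(error)
    return render_template('auth/register.html')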
def get_projects():
    """Return all of the current user's ``project`` rows, private ones included.

    Unlike the filtered variants no ``NOT LIKE '.%'`` clause is applied.  When
    nobody is logged in a redirect to ``login`` is returned instead of a
    list, so callers must check what they get back.
    """
    db = get_db()
    if g.user:
        return db.execute(
            "SELECT * FROM project WHERE user_fk = ?;", (g.user['id'], )
        ).fetchall()
    return redirect(url_for('login'))