Example #1
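def user_login():
    """Serve the login page (GET) or authenticate by email and password (POST).

    For non-POST requests a random ``state`` value is stored in
    ``login_session`` and handed to the template together with the GitHub
    OAuth client id. On POST the form is validated, the user is looked up by
    email, and the submitted password is checked against the stored bcrypt
    hash before ``login_user`` is called.

    Returns:
        A rendered template or a redirect response.
    """
    form = LoginForm()

    if request.method != 'POST':
        # Todo: implement session token for security
        # NOTE(review): if `state` protects the OAuth callback, confirm that
        # get_rand_string draws from a CSPRNG and that the callback compares
        # the returned value against login_session['state'].
        state = get_rand_string()
        login_session['state'] = state

        # Only the public client id is exposed to the template for
        # client-side OAuth.
        github_creds = get_credentials_for('oauth', 'github')
        oauth = {'github_client_id': github_creds['client_id']}

        return render_template('login/login.html',
                               form=form,
                               state=state,
                               oauth=oauth)

    # `not` also treats a None result as a failure, so validation fails
    # closed if a custom validate() forgets to return a value.
    if not form.validate():
        flash('All fields are required')
        return render_template('login/login.html', form=form)

    user = session.query(User).filter(
        User.email == form.email.data).one_or_none()

    # One message covers both unknown email and wrong password.
    # NOTE(review): checkpw is skipped when no user matches, so the two cases
    # may still differ in response time; confirm whether that matters here.
    if (not user or not bcrypt.checkpw(form.password.data.encode(),
                                       user.password_hash)):
        flash('The email or password entered was not correct')
        return redirect(url_for('login.user_login'))

    user.authenticated = True

    try:
        # persist the flag, then establish the login session
        session.add(user)
        session.commit()
        login_user(user, remember=True)

        flash('Welcome back %s' % user.name)
        return redirect(url_for('category.allCategories'))

    except Exception:
        # Exception, not a bare except: SystemExit and KeyboardInterrupt must
        # not be converted into a "could not login" redirect.
        session.rollback()
        flash('Could not login')
        return redirect(url_for('login.user_login'))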
Example #2
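def updateCategories():
    """Apply a batch of category edits posted as JSON in the ``categories`` form field.

    Every non-empty entry must carry ``id``, ``name``, ``type``, ``depth`` and
    ``parentId``. The whole batch is committed once, so a failure on any entry
    rolls back all of them.

    Returns:
        A ``(body, status, headers)`` tuple with a JSON success marker.

    Raises:
        Whatever lookup, assignment or commit raised, after the session has
        been rolled back.
    """
    # NOTE(review): no ownership or login check is visible in this function;
    # confirm that a decorator or the route setup restricts which categories
    # the caller may modify.
    categories = json.loads(request.form['categories'])

    try:
        for data in categories:
            # Empty entries were a no-op in the per-key loop this replaces.
            if not data:
                continue

            category = session.query(Category).filter(
                Category.id == data['id']).one()

            category.name = data['name']
            category.type = data['type']
            category.depth = data['depth']
            category.ParentID = data['parentId']

        # One commit for the batch instead of one per key of every entry.
        session.commit()

        # 'Content-Type' is the header clients honour; 'ContentType' was
        # ignored and the body went out with the framework default type.
        return json.dumps({'success': True}), 200, {
            'Content-Type': 'application/json'
        }

    except:
        # Bare except is deliberate: roll back on any exit, then re-raise.
        session.rollback()
        raise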
Example #3
def api_add_like(current_user):
    """Store a like (value 1) by ``current_user`` for the sight named in ``id_sight``.

    Returns a JSON envelope: 200 on success, 400 with ``'Duplicate'`` when the
    insert violates an integrity constraint, 400 with ``'Unexpected error'``
    for any other failure. The session is rolled back on both error paths.
    """
    def _envelope(message, status):
        return {'message': message, 'data': None, 'status': status}

    try:
        like = Likes(id_user=current_user.id_user,
                     id_sight=request.args['id_sight'],
                     value=1)
        session.add(like)
        session.commit()
        return jsonify(_envelope(None, 'success')), 200
    except exc.IntegrityError:
        session.rollback()
        return jsonify(_envelope('Duplicate', 'error')), 400
    except Exception:
        # Catch-all keeps error detail out of the response body.
        session.rollback()
        return jsonify(_envelope('Unexpected error', 'error')), 400
Example #4
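def deleteItem(category_id, item_id):
    """Detach an item from a category; delete the item when no category is left.

    Args:
        category_id: Primary key of the category the item is removed from.
        item_id: Primary key of the item.

    Returns:
        A redirect when the caller may not delete the item, otherwise a
        ``(body, status, headers)`` tuple with the item name as JSON.

    Raises:
        Whatever the removal or commit raised, after the session has been
        rolled back. ``.one()`` raises when either id matches no row.
    """
    item = session.query(Item).filter(Item.id == item_id).one()
    category = session.query(Category).filter(Category.id == category_id).one()

    # Deny when an anonymous visitor targets an item that has an owner, or
    # when a signed-in user targets an item whose user_id is not theirs.
    # Items without an owner stay deletable by anonymous visitors.
    if (not current_user.is_authenticated and item.user_id
        or (current_user.is_authenticated and
            not current_user.id == item.user_id)):

        flash('You do not have permission to delete that item')

        return redirect(url_for(
            'category.allCategories',
            current_category_id=category_id))

    try:
        # Read the name up front: the row may be gone once the commit runs.
        item_name = item.name

        item.item_children.remove(category)

        # an item that belongs to no category is deleted outright
        if len(item.item_children) == 0:
            session.delete(item)

        session.commit()

        # item_name is user-supplied; declaring the body as JSON keeps a
        # browser from rendering it as HTML. 'ContentType' (no hyphen) was
        # not a header clients recognise.
        return json.dumps({'name': item_name, 'success': True}), 200, {
            'Content-Type': 'application/json'
        }

    except:
        # Bare except is deliberate: roll back on any exit, then re-raise.
        session.rollback()
        raise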
Example #5
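def newCategory():
    """Create a top-level category (depth 0) from the ``name`` form field.

    The category is attached to the signed-in user when there is one.

    Returns:
        The serialized category as JSON on success, a 422 JSON error when
        ``name`` is absent or empty, or a 400 JSON error when the insert fails.
    """
    json_headers = {'Content-Type': 'application/json'}

    # ensure name key and a non-empty name value
    name = request.form.get('name')
    if not name:
        return json.dumps({'error': 'missing name parameter'}), 422, json_headers

    category = Category(name=name, type=name, depth=0)

    try:
        # attach category to user
        if current_user.is_authenticated:
            category.user_id = current_user.id

        session.add(category)
        session.commit()

        # The body echoes the user-supplied name, so it is declared as JSON
        # rather than left at the framework's default content type.
        return json.dumps(category.serialize), 200, json_headers

    except Exception:
        # Exception, not a bare except: SystemExit and KeyboardInterrupt must
        # not be reported as a failed insert.
        session.rollback()

        return json.dumps({'error': 'failed to create a category'}), 400, json_headers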
Example #6
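def deleteCategory(category_id):
    """Delete a category and any of its items that are left without a category.

    Image files of deleted items are removed from ``IMAGE_FOLDER`` only after
    the database commit has succeeded, so a failed commit never leaves rows
    pointing at files that no longer exist.

    Returns:
        A ``(body, status, headers)`` tuple with the category name as JSON.

    Raises:
        Whatever lookup, delete or commit raised, after the session has been
        rolled back.
    """
    # NOTE(review): no ownership or login check is visible in this function;
    # confirm that a decorator or the route setup restricts who may delete.
    orphaned_images = []

    try:
        category = session.query(Category).filter(
            Category.id == category_id).one()
        items = (session.query(Item).join(
            Item.item_children).filter(Category.id == category_id).all())

        # Read the name up front: the row is gone once the commit runs.
        category_name = category.name

        session.delete(category)

        # NOTE(review): item_children is read before the delete is flushed;
        # confirm the relationship already excludes the deleted category here.
        for item in items:
            if len(item.item_children) == 0:
                # Items created without an upload have no image to remove.
                if item.image_name:
                    orphaned_images.append(
                        os.path.join(app.config['IMAGE_FOLDER'],
                                     item.image_name))
                session.delete(item)

        session.commit()

    except:
        # Bare except is deliberate: roll back on any exit, then re-raise.
        session.rollback()
        raise

    for path in orphaned_images:
        try:
            os.remove(path)
        except FileNotFoundError:
            # Already gone, which is the state this loop is after.
            pass

    # 'Conten Type' was not a valid header name; the body carries a
    # user-supplied name and is declared as JSON.
    return json.dumps({
        'name': category_name,
        'success': True
    }), 200, {
        'Content-Type': 'application/json'
    }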
Example #7
 def update(self, data, object_id):
     """Apply ``data`` to the vehicle with ``object_id`` and commit.

     Returns the object produced by ``_parse_vehicle``, or None when the
     commit fails (the error text is printed and the session rolled back).
     """
     # NOTE(review): .first() yields None for an unknown id and that None is
     # passed straight to _parse_vehicle; confirm how the helper handles it.
     existing = session.query(Vehicle).filter_by(vehicle_id=object_id).first()
     updated = self._parse_vehicle(data=data, vehicle=existing)
     try:
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return updated
Example #8
 def update(self, data, object_id):
     """Apply ``data`` to the port with ``object_id`` and commit.

     Returns the object produced by ``_parse_port``, or None when the commit
     fails (the error text is printed and the session rolled back).
     """
     # NOTE(review): .first() yields None for an unknown id and that None is
     # passed straight to _parse_port; confirm how the helper handles it.
     existing = session.query(Port).filter_by(port_id=object_id).first()
     updated = self._parse_port(data=data, port=existing)
     try:
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return updated
Example #9
 def update(self, data, object_id):
     """Apply ``data`` to the region with ``object_id`` and commit.

     Returns the object produced by ``_parse_region``, or None when the commit
     fails (the error text is printed and the session rolled back).
     """
     # NOTE(review): .first() yields None for an unknown id and that None is
     # passed straight to _parse_region; confirm how the helper handles it.
     existing = session.query(Region).filter_by(region_id=object_id).first()
     updated = self._parse_region(data=data, region=existing)
     try:
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return updated
Example #10
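def api_create_country():
    """Create a country from the ``name`` query parameter.

    Returns:
        A JSON envelope: 200 on success, 400 when ``name`` is missing or the
        insert violates an integrity constraint.
    """
    # A request without a name used to fall through to the success response
    # although nothing was created; report it as a client error instead.
    if 'name' not in request.args:
        return jsonify({'message': 'Missing name parameter', 'data': None, 'status': 'error'}), 400

    new_count = Country(name=request.args['name'])
    try:
        session.add(new_count)
        session.commit()
    except exc.IntegrityError:
        session.rollback()
        return jsonify({'message': 'Duplicate value', 'data': None, 'status': 'error'}), 400
    return jsonify({'message': None, 'data': None, 'status': 'success'}), 200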
Example #11
def editItem(category_id, item_id):
    """Show the edit form for an item (GET) or apply the submitted changes (POST).

    Access is refused with a flash message and a redirect when an anonymous
    visitor targets an owned item, or when a signed-in user targets an item
    whose ``user_id`` is not theirs. On POST, empty ``name``/``details``
    values leave the stored ones untouched, and an uploaded image that passes
    ``allowed_file`` is saved under a randomised name in ``IMAGE_FOLDER``.
    """
    category = session.query(Category).filter(Category.id == category_id).one()
    item = session.query(Item).filter(Item.id == item_id).one()

    # Signed-in users must own the item; anonymous visitors may only touch
    # items that have no owner.
    if current_user.is_authenticated:
        denied = not current_user.id == item.user_id
    else:
        denied = item.user_id

    if denied:
        flash('You do not have permission to edit that item')
        return redirect(url_for(
            'category.allCategories',
            current_category_id=category_id))

    if request.method == 'GET':
        return render_template('item/edit.html', item=item, category=category)

    if request.method == 'POST':
        try:
            fields = request.form

            # an empty submission keeps the current value
            item.name = fields['name'] or item.name
            item.details = fields['details'] or item.details

            upload = request.files.get('image')

            if (upload
                    and upload.filename != item.image_name
                    and allowed_file(upload.filename, app.config)):
                # The stored name is built from the sanitised client filename
                # with a random string spliced in before every dot.
                separator = get_rand_string() + '.'
                pieces = secure_filename(upload.filename).split('.')
                image_name = separator.join(str(piece) for piece in pieces)
                upload.save(os.path.join(app.config['IMAGE_FOLDER'], image_name))
                item.image_name = image_name

            session.add(item)
            session.commit()

            flash("%s updated!" % item.name)

            return redirect(url_for(
                "category.allCategories",
                current_category_id=category_id))

        except:
            # roll back on any exit from the block, then re-raise
            session.rollback()
            raise
Example #12
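def api_create_user():
    """Create a user with role id 3 from the ``name`` and ``password`` parameters.

    Returns:
        A JSON envelope: 201 on success, 400 with ``'Unexpected error'`` when
        a parameter is missing or the insert fails.
    """
    # NOTE(review): the password arrives in the query string, and request
    # URLs commonly end up in access logs and browser history; consider
    # accepting the credentials in the request body instead.
    data = request.args.to_dict(flat=True)
    try:
        # method='sha256' is a single salted SHA-256 round; pbkdf2:sha256 is
        # the iterated scheme, and existing hashes still verify because the
        # method is stored in the hash string. (Presumably this is
        # werkzeug.security.generate_password_hash; confirm, and confirm the
        # password column is wide enough for the longer hash string.)
        hashed_password = generate_password_hash(data['password'],
                                                 method='pbkdf2:sha256')
        new_user = Users(public_id=str(uuid.uuid4()),
                         name=data['name'],
                         password=hashed_password,)
        new_user.id_role = 3
        session.add(new_user)
        session.commit()
        return jsonify({'message': None, 'data': None, 'status': 'success'}), 201
    except Exception:
        # Also covers a missing 'password' or 'name', which used to escape as
        # an unhandled KeyError when the hash was computed outside the try.
        session.rollback()
        return jsonify({'message': 'Unexpected error', 'data': None, 'status': 'error'}), 400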
Example #13
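def api_create_sights():
    """Create a sight from the request's query parameters.

    A comma-separated ``urls`` parameter, when present, is split into a list
    before the model is built.

    Returns:
        A JSON envelope: 200 on success, 400 with ``'Duplicate value'`` when
        the insert violates an integrity constraint.
    """
    try:
        args = request.args.to_dict(flat=True)
        if 'urls' in args:
            args['urls'] = args['urls'].split(',')

        # NOTE(review): every query parameter becomes a model attribute, so
        # the caller chooses which columns are set; consider copying only an
        # explicit list of expected fields.
        new_sight = Sights(**args)
        session.add(new_sight)
        session.commit()
    except exc.IntegrityError:
        session.rollback()
        # The driver's error text is no longer appended to the message: it
        # can carry the SQL statement and bound values, which do not belong
        # in a client-facing response.
        return jsonify({'message': 'Duplicate value', 'data': None, 'status': 'error'}), 400
    return jsonify({'message': None, 'data': None, 'status': 'success'}), 200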
Example #14
 def insert(self, data):
     """Build a port from ``data``, add it to the session and commit.

     Returns the new object, or None when building or committing fails (the
     error text is printed and the session rolled back).
     """
     # An existence check via self.check_exist was drafted here but is
     # disabled, so every call attempts an insert.
     try:
         created = self._parse_port(data=data, port=None)
         session.add(created)
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return created
Example #15
 def insert(self, data):
     """Build a vehicle from ``data``, add it to the session and commit.

     Returns the new object, or None when building or committing fails (the
     error text is printed and the session rolled back).
     """
     # An existence check via self.check_exist was drafted here but is
     # disabled, so every call attempts an insert.
     try:
         created = self._parse_vehicle(data=data, vehicle=None)
         session.add(created)
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return created
Example #16
 def insert(self, data):
     """Build a region from ``data``, add it to the session and commit.

     Returns the new object, or None when building or committing fails (the
     error text is printed and the session rolled back).
     """
     # An existence check via self.check_exist was drafted here but is
     # disabled, so every call attempts an insert.
     try:
         created = self._parse_region(data=data, region=None)
         session.add(created)
         session.commit()
     except Exception as err:
         print(str(err))
         session.rollback()
         return None
     return created
Example #17
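def api_create_town():
    """Create a town from the ``name`` and ``id_country`` query parameters.

    Returns:
        A JSON envelope: 201 on success, 400 when ``name`` is missing or the
        insert violates an integrity constraint.
    """
    # A request without a name used to receive the 201 success response
    # although nothing was created; report it as a client error instead.
    if 'name' not in request.args:
        return jsonify({
            'message': 'Missing name parameter',
            'data': None,
            'status': 'error'
        }), 400

    try:
        new_town = Town(name=request.args['name'],
                        id_country=request.args['id_country'])
        session.add(new_town)
        session.commit()
    except exc.IntegrityError:
        session.rollback()
        return jsonify({
            'message': 'Duplicate value',
            'data': None,
            'status': 'error'
        }), 400
    return jsonify({'message': None, 'data': None, 'status': 'success'}), 201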
Example #18
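def createItem(category_id):
    """Show the item creation form (GET) or create an item in a category (POST).

    On POST the item takes its ``name`` and ``details`` from the form, is
    attached to the signed-in user when there is one, and is linked to the
    category. An uploaded image that passes ``allowed_file`` is saved under a
    randomised name in ``IMAGE_FOLDER``.

    Raises:
        Whatever creation or commit raised, after the session has been rolled
        back. ``.one()`` raises when ``category_id`` matches no row.
    """
    category = session.query(Category).filter(Category.id == category_id).one()

    if request.method == 'GET':
        return render_template('item/index.html', category=category)

    if request.method == 'POST':
        try:
            params = request.form

            item = Item(type=category.name, name=params['name'],
                        details=params['details'])

            # attach a user to an item
            if current_user.is_authenticated:
                item.user_id = current_user.id

            # .get() leaves image as None when no file was sent; the name
            # was previously unbound in that case and the check below
            # raised instead of skipping the upload.
            image = request.files.get('image')

            if image and allowed_file(image.filename, app.config):
                # The stored name is built from the sanitised client filename
                # with a random string spliced in before every dot.
                image_name = (get_rand_string() + '.').join(
                    [str(x) for x in secure_filename(image.filename).split('.')])
                path = os.path.join(app.config['IMAGE_FOLDER'], image_name)
                image.save(path)
                item.image_name = image_name

            # connect item to its category
            item.item_children.append(category)

            session.add(item)
            session.commit()

            flash("%s created!" % item.name)

            return redirect(url_for(
                "category.allCategories",
                current_category_id=category_id))

        except:
            # Bare except is deliberate: roll back on any exit, then re-raise.
            session.rollback()
            raise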
Example #19
def logout():
    """Clear the user's ``authenticated`` flag, end the login session and redirect.

    Any failure rolls the database session back and is re-raised.
    """
    # NOTE(review): no login check is visible in this function; confirm the
    # route is only reachable with a persisted user behind current_user.
    current_user.authenticated = False

    try:
        # persist the cleared flag before dropping the login session
        session.add(current_user)
        session.commit()
        logout_user()

        flash('Successfuly logged out!')
        return redirect(url_for('category.allCategories'))

    except:
        # roll back on any exit from the block, then re-raise
        session.rollback()
        raise
Example #20
def api_del_like(current_user):
    """Delete the like by ``current_user`` for the sight named in ``id_sight``.

    Returns a JSON envelope: 200 on success, 400 with ``'Unexpected error'``
    for any failure, after rolling the session back.
    """
    def _envelope(message, status):
        return {'message': message, 'data': None, 'status': status}

    try:
        wanted_sight = request.args['id_sight']
        # The lookup is scoped to the caller's own id_user.
        like = session.query(Likes).filter(
            Likes.id_user == current_user.id_user,
            Likes.id_sight == wanted_sight).first()
        # .first() yields None when there is no such like; the resulting
        # error from delete() lands in the handler below.
        session.delete(like)
        session.commit()
        return jsonify(_envelope(None, 'success')), 200
    except Exception:
        session.rollback()
        return jsonify(_envelope('Unexpected error', 'error')), 400
Example #21
 def fin():
     """Roll back the shared session, discarding uncommitted changes."""
     session.rollback()
Example #22
def user_signup():
    """Serve the signup page (GET) or register a new user by email and password (POST).

    On GET a random ``state`` value is stored in ``login_session`` and handed
    to the template with the GitHub OAuth client id. On POST the password is
    hashed with bcrypt, and a user is created and logged in unless the email
    is already registered. Other methods fall through and return None.
    """
    form = LoginForm()

    if request.method == 'GET':
        state = get_rand_string()
        login_session['state'] = state

        # only the public client id is exposed for client-side oauth
        client_id = get_credentials_for('oauth', 'github')['client_id']

        return render_template('login/signup.html',
                               oauth={'github_client_id': client_id},
                               form=form,
                               state=state)

    if request.method != 'POST':
        return None

    if form.validate() == False:
        flash('All fields are required')
        return render_template('login/signup.html', form=form)

    # Only the salted bcrypt hash is kept, never the plaintext password.
    pw_hash = bcrypt.hashpw(form.password.data.encode(), bcrypt.gensalt())
    email = form.email.data

    try:
        existing = session.query(User).filter(
            User.email == email).one_or_none()

        if existing:
            # NOTE(review): this message confirms that an email is already
            # registered; confirm that disclosure is acceptable here.
            flash('A user already exists with that email')
            return redirect(url_for('login.user_signup'))

        user = User(email=email,
                    password_hash=pw_hash,
                    authenticated=True)

        session.add(user)
        session.commit()

        # store user in session
        login_user(user, remember=True)

        flash('Welcome %s' % user.name)
        return redirect(url_for('category.allCategories'))

    except:
        # roll back on any exit from the block, then re-raise
        session.rollback()
        raise