Example #1
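def add_cart(id):
    """Add product ``id`` to the current user's cart unless it is already there.

    The duplicate check asks the database for this exact (user, product)
    pair. The earlier version read a single cart row with ``fetchone()`` and
    compared only that row's product id, so any product other than the one
    in that first row could be inserted again.

    Returns a redirect to the cart page whether or not a row was inserted.
    """
    db = get_db()
    # NOTE(review): g.user is assumed to be populated by a login check that
    # runs before this view -- confirm; an anonymous request fails here.
    owner_id = g.user['id']

    # NOTE(review): nothing in this function checks that the product exists
    # or that it belongs to another user -- confirm the route does that first.
    already_in_cart = db.execute(
        'SELECT 1 FROM cart WHERE author_id = ? AND product_id = ?',
        (owner_id, id)).fetchone()

    if already_in_cart is not None:
        flash('Cet article est déjà dans votre panier.', 'danger')
        return redirect(url_for('cart.cart'))

    db.execute(
        'INSERT INTO cart (product_id, author_id)'
        ' VALUES (?, ?)', (id, owner_id))
    db.commit()
    flash('Article ajouté dans votre panier !', 'success')
    return redirect(url_for('cart.cart'))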
Example #2
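def load_logged_in_user():
    """Populate ``g.admin`` and ``g.user`` from the session for this request.

    ``g.user`` is the row for the session's ``user_id`` (``None`` when no
    user is logged in).

    ``g.admin`` is ``0`` when the session's admin flag is ``0``. Otherwise it
    is the logged-in user's own row, and only if that row still carries the
    same ``isAdmin`` value in the database; it is ``None`` when that is not
    the case or when nobody is logged in. The earlier query matched on
    ``isAdmin`` alone, so it returned whichever user row had that flag
    rather than the requester's, and a flag left in the session was enough
    to get a truthy ``g.admin``.
    """
    user_id = session.get('user_id')
    user_admin = session.get('user_admin')

    if user_admin == 0:
        g.admin = 0
    elif user_id is None:
        # No logged-in user: never grant admin from a session flag alone.
        g.admin = None
    else:
        # Tie the admin lookup to the requester and re-check the stored flag,
        # so a demotion in the database takes effect on the next request.
        g.admin = get_db().execute(
            'SELECT * FROM user WHERE id = ? AND isAdmin = ?',
            (user_id, user_admin)).fetchone()

    if user_id is None:
        g.user = None
    else:
        g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
                                  (user_id, )).fetchone()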
Example #3
def update(id):
    """Render the user-edit form and, on POST, save username and admin flag.

    ``get_user(id)`` is called first for the user shown in the form. A POST
    with an empty username flashes an error and re-renders the form; a valid
    POST updates the row and redirects to the admin user list.
    """
    # NOTE(review): no authorization check is visible in this function --
    # confirm the route is restricted to administrators.
    user = get_user(id)
    cats = all_category()

    if request.method == 'POST':
        form = request.form
        username, admin = form['username'], form['admin']

        if username:
            # NOTE(review): the submitted 'admin' value is stored in isAdmin
            # as received; consider restricting it to the expected flag
            # values before writing a privilege column.
            conn = get_db()
            conn.execute(
                'UPDATE user SET username = ?, isAdmin = ?'
                ' WHERE id = ?', (username, admin, id))
            conn.commit()
            flash('Modification réussie !', 'success')
            return redirect(url_for('admin.all'))

        flash('Login obligatoire.')

    return render_template('administration/update-user.html',
                           cats=cats,
                           user=user)
Example #4
def delete(id):
    """Delete product ``id`` and redirect to the inventory page."""
    # Result is discarded; presumably called so that it aborts the request
    # when the product is missing or not owned by the caller -- confirm.
    get_product(id)

    conn = get_db()
    conn.execute('DELETE FROM product WHERE id = ?', (id, ))
    conn.commit()

    flash('Livre supprimé !', 'success')
    target = url_for('product.inventory')
    return redirect(target)
Example #5
def register():
    """Render the registration form and, on POST, create a non-admin user.

    A submitted password must be at least 6 characters long and contain a
    digit and an upper-case ASCII letter. The password is stored through
    ``generate_password_hash``; ``isAdmin`` is always written as ``0``.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    username = request.form['username']
    password = request.form['password']
    admin = 0
    db = get_db()

    def first_problem():
        # Checks run in order and stop at the first failure, so the database
        # is only queried once the cheap checks have passed.
        if not username:
            return 'Veuillez renseigner un login.'
        if not password:
            return 'Veuillez renseigner un mot de passe.'
        if len(password) < 6:
            return 'Mot de passe trop court.'
        if re.search('[0-9]', password) is None:
            return 'Votre mot de passe doit contenir au moins un chiffre.'
        if re.search('[A-Z]', password) is None:
            return 'Votre mot de passe doit contenir au moins une lettre majuscule.'
        # NOTE(review): check-then-insert is not atomic; whether the schema
        # also enforces unique usernames is not visible here -- confirm.
        existing = db.execute('SELECT id FROM user WHERE username = ?',
                              (username, )).fetchone()
        if existing is not None:
            return 'User {} is already registered.'.format(username)
        return None

    error = first_problem()
    if error is not None:
        flash(error, 'danger')
        return render_template('auth/register.html')

    db.execute(
        'INSERT INTO user (username, password, isAdmin) VALUES (?, ?, ?)',
        (username, generate_password_hash(password), admin))
    db.commit()
    flash('Compté créé ! Vous pouvez vous connecter.', 'success')
    return redirect(url_for('auth.login'))
Example #6
def detail(id):
    """Render the products that belong to category ``id``.

    ``id`` is also passed to the template as ``title``.
    """
    sql = ('SELECT *'
           ' FROM product JOIN category ON product.category_id = category.id'
           ' WHERE category_id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()
    return render_template('category/detail.html', details=rows, title=id)
Example #7
def update(id):
    """Render the product-edit form and, on POST, save the submitted fields.

    ``get_product(id)`` supplies the product shown in the form. A POST with
    an empty name flashes an error and re-renders the form; otherwise the
    row is updated and the user is redirected to the inventory page.
    """
    product = get_product(id)

    state_list = [
        'Neuf', 'Très bon état', 'Bon état', 'Etat correct', 'Mauvais état'
    ]

    if request.method == 'POST':
        form = request.form
        name = form['name']
        description = form['description']
        price = form['price']
        state = form['state']

        if name:
            # NOTE(review): price and state are stored as submitted; state is
            # not compared with state_list here -- confirm whether the server
            # should reject values the form does not offer.
            conn = get_db()
            conn.execute(
                'UPDATE product SET name = ?, description = ?, price = ?, state = ?'
                ' WHERE id = ?', (name, description, price, state, id))
            conn.commit()
            flash('Modification réussie !', 'success')
            return redirect(url_for('product.inventory'))

        flash('Title is required.')

    return render_template('product/update.html',
                           product=product,
                           state_list=state_list)
Example #8
def index():
    """Render the home page with every product, newest first."""
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' ORDER BY created DESC')
    rows = get_db().execute(sql).fetchall()
    return render_template('product/home.html', products=rows)
Example #9
def delete(id):
    """Delete category ``id`` and redirect to the category index."""
    # Result is discarded; presumably called so that it aborts the request
    # when the category is missing or not owned by the caller -- confirm.
    get_cat(id)

    conn = get_db()
    conn.execute('DELETE FROM category WHERE id = ?', (id, ))
    conn.commit()

    flash('Catégorie supprimée !', 'success')
    target = url_for('category.index')
    return redirect(target)
Example #10
def query_from_db(isbn):
    """Return the first ``book`` row whose ``isbn`` matches, or ``None``."""
    sql = 'select name,cover,original_name,author,press,translator,publication_time,pricing,isbn,intro,score from book where isbn=?'
    cursor = get_db().execute(sql, (isbn, ))
    return cursor.fetchone()
Example #11
def detail(id):
    """Render the detail page for product ``id``.

    The rows are fetched with ``fetchall()``, so the template receives a
    list; ``id`` is also passed as ``title``.
    """
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()
    return render_template('product/detail.html', details=rows, title=id)
Example #12
def register():
    """Render the registration form and, on POST, create the user.

    A submitted password must be at least 6 characters long and contain a
    digit and an upper-case ASCII letter. The password is stored through
    ``generate_password_hash``.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()

    def first_problem():
        # Checks run in order and stop at the first failure, so the database
        # is only queried once the cheap checks have passed.
        if not username:
            return 'Username is required.'
        if not password:
            return 'Password is required.'
        if len(password) < 6:
            return 'Password too short.'
        if re.search('[0-9]', password) is None:
            return 'Make sure your password has a number in it.'
        if re.search('[A-Z]', password) is None:
            return 'Make sure your password has a capital letter in it.'
        # NOTE(review): check-then-insert is not atomic; whether the schema
        # also enforces unique usernames is not visible here -- confirm.
        existing = db.execute('SELECT id FROM user WHERE username = ?',
                              (username, )).fetchone()
        if existing is not None:
            return 'User {} is already registered.'.format(username)
        return None

    error = first_problem()
    if error is not None:
        flash(error, 'danger')
        return render_template('auth/register.html')

    db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
               (username, generate_password_hash(password)))
    db.commit()
    flash('Compté créé ! Vous pouvez vous connecter.', 'success')
    return redirect(url_for('auth.login'))
Example #13
def all():
    """Render the category index with every category, by name descending."""
    sql = ('SELECT c.id, name, author_id'
           ' FROM category c JOIN user u ON c.author_id = u.id'
           ' ORDER BY name DESC')
    rows = get_db().execute(sql).fetchall()
    return render_template('category/index.html', categories=rows)
Example #14
def get_image(id):
    """Return the row holding the ``image`` column of product ``id``.

    The result of ``fetchone()`` is returned as is, so callers receive a
    one-column row (or ``None`` when no row matches).
    """
    # Result is discarded; presumably called for its existence/ownership
    # check on the product -- confirm.
    get_product(id)

    sql = ('SELECT image'
           ' FROM product'
           ' WHERE id = ?')
    return get_db().execute(sql, (id,)).fetchone()
Example #15
def get_user(id):
    """Return the ``id``, ``username`` and ``isAdmin`` columns of user ``id``.

    Calls ``abort(404, ...)`` when no such user exists.
    """
    sql = ('SELECT id, username, isAdmin'
           ' FROM user'
           ' WHERE id = ?')
    row = get_db().execute(sql, (id, )).fetchone()

    if row is not None:
        return row
    abort(404, "Le user id {0} n'existe pas.".format(id))
    return row
Example #16
def inventory():
    """Render the inventory page with the session user's products, newest first."""
    owner_id = session.get('user_id')
    conn = get_db()
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE author_id = ?'
           ' ORDER BY created DESC')
    rows = conn.execute(sql, (owner_id, )).fetchall()
    return render_template('product/inventory.html', products=rows)
Example #17
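def note_add():
    """On POST, delete the notes listed in the ``selected`` form field.

    ``selected`` is a comma-separated list of ``created`` values; every note
    whose ``created`` equals one of them is deleted. All deletions are
    committed together, so a failure part-way through leaves no partial
    result (the earlier version committed after each row). Empty entries,
    such as the one produced by an empty field, are skipped.

    Returns an empty JSON list. Nothing is returned for other methods.
    """
    # NOTE(review): despite its name this view deletes notes, and the DELETE
    # is not limited to an author; no authorization check is visible here --
    # confirm who may call this route.
    if request.method == 'POST':
        db = get_db()
        # Split first; iterating the raw string would walk it character by
        # character.
        createds = request.form['selected'].split(',')
        for item in createds:
            if not item:
                continue
            db.execute(
                'DELETE FROM note where created = ?', (item,)
            )
        db.commit()
        return jsonify([])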
Example #18
def category():
    """Render the administration page listing every category, newest id first."""
    sql = ('SELECT id, name'
           ' FROM category'
           ' ORDER BY id DESC')
    rows = get_db().execute(sql).fetchall()

    menu = all_category()
    return render_template('administration/category.html',
                           categories=rows,
                           cats=menu)
Example #19
def product():
    """Render the administration page listing every product, newest id first."""
    sql = ('SELECT id, name, description, price, state'
           ' FROM product'
           ' ORDER BY id DESC')
    rows = get_db().execute(sql).fetchall()

    menu = all_category()
    return render_template('administration/product.html',
                           products=rows,
                           cats=menu)
Example #20
def insert_to_db(data):
    """Insert one ``book`` row from the mapping ``data`` and commit.

    Each column is read with ``data.get(column, '')``, so a missing key is
    stored as an empty string.
    """
    conn = get_db()
    # Same order as the column list in the INSERT statement below.
    columns = ('name', 'cover', 'original_name', 'author', 'press',
               'translator', 'publication_time', 'pricing', 'isbn', 'intro',
               'score')
    values = tuple(data.get(column, '') for column in columns)
    conn.execute(
        'INSERT INTO book(name,cover,original_name,author,press,translator,publication_time,pricing,isbn,intro,score) VALUES (?,?,?,?,?,?,?,?,?,?,?)',
        values)
    conn.commit()
Example #21
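def delete(id):
    """Delete product ``id`` and its uploaded image, then go to the inventory.

    The row is deleted and committed before any file is touched, so a missing
    or unremovable image can no longer abort the request between the DELETE
    and the commit. File removal is limited to paths that resolve inside the
    uploads directory, because the file name comes from the database and is
    joined onto that directory.
    """
    db = get_db()
    # NOTE(review): whether get_image() checks that the caller owns the
    # product is not visible in this function -- confirm before relying on it.
    file = get_image(id)
    location = "book/static/uploads"
    db.execute('DELETE FROM product WHERE id = ?', (id,))
    db.commit()

    uploads_root = os.path.realpath(location)
    for filename in file or ():
        if not filename:
            # Product stored without an image: nothing to remove.
            continue
        target = os.path.realpath(os.path.join(uploads_root, filename))
        # Refuse anything that resolves outside the uploads directory
        # (absolute names, '..' segments, symlinks pointing elsewhere).
        if not target.startswith(uploads_root + os.sep):
            continue
        try:
            # Remove the product's image from the uploads folder.
            os.remove(target)
        except FileNotFoundError:
            # Already gone; the row is deleted, which is what matters.
            pass

    flash('Livre supprimé !', 'success')
    return redirect(url_for('product.inventory'))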
Example #22
def order():
    """Render the administration page listing every order, by product name."""
    sql = ('SELECT c.id, c.created, p.name, p.price, u.username'
           ' FROM command c'
           ' JOIN user u ON c.author_id = u.id'
           ' JOIN product p ON c.product_id = p.id'
           ' ORDER BY p.name ASC')
    rows = get_db().execute(sql).fetchall()

    menu = all_category()
    return render_template('administration/command.html',
                           orders=rows,
                           cats=menu)
Example #23
def note_add_temp():
    """On POST, insert a note with ``author_id`` 0 from the submitted form.

    Returns an empty JSON list. Nothing is returned for other methods.
    """
    if request.method != 'POST':
        return None

    conn = get_db()
    form = request.form
    created = form['created']
    title = form['title']
    # The original comment says the front end has already validated this.
    # NOTE(review): client-side validation can be bypassed by any caller, so
    # the server should not rely on it; the values are stored as received.
    content = form['content']
    conn.execute(
        'INSERT INTO note (author_id, title, content, created)'
        ' VALUES (?, ?, ?, ?)',
        (0, title, content, created)
    )
    conn.commit()  # without the commit the insert is not persisted
    return jsonify([])
Example #24
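def get_cat(id, check_author=True):
    """Return category ``id``, enforcing ownership unless told otherwise.

    Calls ``abort(404, ...)`` when the category does not exist and
    ``abort(403)`` when ``check_author`` is true and the category's
    ``author_id`` differs from ``g.user['id']``. The 404 message now names a
    category; it previously said "Product".
    """
    category = get_db().execute(
        'SELECT c.id, name, author_id'
        ' FROM category c JOIN user u ON c.author_id = u.id'
        ' WHERE c.id = ?', (id, )).fetchone()

    if category is None:
        abort(404, "Category id {0} doesn't exist.".format(id))

    # NOTE(review): g.user is assumed to be set by a login check that runs
    # before this helper -- confirm; an anonymous request fails on the
    # subscript below.
    if check_author and category['author_id'] != g.user['id']:
        abort(403)

    return category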
Example #25
def get_product(id, check_author=True):
    """Return product ``id``, enforcing ownership unless told otherwise.

    Calls ``abort(404, ...)`` when the product does not exist and
    ``abort(403)`` when ``check_author`` is true and the product's
    ``author_id`` differs from ``g.user['id']``.
    """
    sql = ('SELECT p.id, name, description, price, state, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    row = get_db().execute(sql, (id, )).fetchone()

    if row is None:
        abort(404, "Le produit id {0} n'existe pas.".format(id))

    if check_author:
        # Only the product's author may proceed.
        if row['author_id'] != g.user['id']:
            abort(403)

    return row
Example #26
def note_get_temp():
    """Return every note as JSON (title, content, created), newest first."""
    # NOTE(review): the query is not limited to an author and no access check
    # is visible here -- confirm that all notes are meant to be readable.
    sql = ('SELECT title, content, created'
           ' FROM note'  # each continued fragment needs its leading space
           ' ORDER BY created DESC')
    rows = get_db().execute(sql).fetchall()

    wanted = ('title', 'content', 'created')
    payload = [{key: row[key] for key in wanted} for row in rows]
    return jsonify(payload)
Example #27
def detail(id):
    """Render the products of category ``id``, flashing a notice when empty.

    ``id`` is also passed to the template as ``title``.
    """
    sql = ('SELECT *'
           ' FROM product JOIN category ON product.category_id = category.id'
           ' WHERE category_id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()

    if len(rows) == 0:
        flash('Pas de livres trouvés pour cette catégorie.', 'danger')

    menu = all_category()
    return render_template('category/detail.html',
                           details=rows,
                           title=id,
                           cats=menu)
Example #28
def get_product_cart(id, check_author=True):
    """Return the ``id`` and ``author_id`` of product ``id`` for cart use.

    Calls ``abort(404, ...)`` when the product does not exist and
    ``abort(403)`` when ``check_author`` is true and the product belongs to
    the current user (``g.user['id']``).
    """
    sql = ('SELECT p.id, author_id'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    row = get_db().execute(sql, (id,)).fetchone()

    if row is None:
        abort(404, "Le produit id {0} n'existe pas.".format(id))

    if check_author:
        # A user may not put their own product in the cart.
        if row['author_id'] == g.user['id']:
            abort(403)

    return row
Example #29
def get_cat_user():
    """Render the category index with the session user's categories by name.

    Flashes a notice when the user has no category yet.
    """
    owner_id = session.get('user_id')
    conn = get_db()
    sql = ('SELECT c.id, name, author_id'
           ' FROM category c JOIN user u ON c.author_id = u.id'
           ' WHERE author_id = ?'
           ' ORDER BY name ASC')
    rows = conn.execute(sql, (owner_id, )).fetchall()

    menu = all_category()

    if len(rows) == 0:
        flash('Vous n\'avez pas encore ajouté de catégorie.', 'danger')

    return render_template('category/index.html',
                           categories=rows,
                           cats=menu)
Example #30
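def search():
    """Render products whose name or description contains the ``q`` argument.

    The search term is kept separate from the LIKE pattern built around it,
    so the page and the "no results" message show exactly what was typed.
    The earlier version recovered the term by stripping every ``%`` from the
    pattern, which also removed any ``%`` the user had entered.
    """
    term = request.args['q']
    # NOTE(review): '%' and '_' inside the term still act as LIKE wildcards;
    # add an ESCAPE clause if they should match literally.
    pattern = "%" + term + "%"

    db = get_db()
    # Used to show the category list in the menu.
    cats = all_category()

    # NOTE(review): SELECT * over the product/user join hands every user
    # column to the template; if the user table stores a password hash it
    # travels with each row -- consider listing the needed columns.
    searches = db.execute(
        'SELECT *'
        ' FROM product p JOIN user u ON p.author_id = u.id'
        ' where name like ? OR description like ?', (pattern, pattern,)
    ).fetchall()

    # No results found.
    if not searches:
        flash('Pas de résultats trouvés pour ' + term, 'danger')
    return render_template('product/search.html', searches=searches, query=term, cats=cats)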