Example #1
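def remove_maintenance_mode():
    """Clear the "maintenance" flag on every user whose role is 0 or 1.

    Users with those roles can then reach the site's pages normally again.
    Accounts with any other role are not touched by this query.
    """
    # `role = 0 and 1` is evaluated by Python before MongoEngine sees it and
    # collapses to `role = 0`, so role-1 accounts were skipped and kept their
    # maintenance flag. `role__in` matches both roles.
    User.objects(role__in=[0, 1]).update(maintenance=False)

    # NOTE(review): no route or access-control decorator is visible in this
    # excerpt; confirm this site-wide switch is restricted to administrators.
    return redirect(url_for('profile.profile'))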
Example #2
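def maintenance_mode():
    """Set the "maintenance" flag on every user whose role is 0 or 1.

    Users with those roles will see the Maintenance Page when they try to
    access any page on the site. Accounts with any other role are not
    touched by this query.
    """
    # `role = 0 and 1` is evaluated by Python before MongoEngine sees it and
    # collapses to `role = 0`, so role-1 accounts were never put into
    # maintenance. `role__in` matches both roles.
    User.objects(role__in=[0, 1]).update(maintenance=True)

    # NOTE(review): no route or access-control decorator is visible in this
    # excerpt; confirm this site-wide switch is restricted to administrators.
    return redirect(url_for('profile.profile'))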
Example #3
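def remove_from_favorite(item_id):
    """Remove an item from the logged-in user's favorites list.

    The update is scoped to the user id stored in the session, so only the
    caller's own list is modified. Redirects to the profile page afterwards.
    """
    # add_favorite and view_favorite use the field name "favorites"; the
    # singular "favorite" used here before would not address that list.
    # NOTE(review): confirm the field name against the User model.
    User.objects(id=session['user']['id']).update_one(pull__favorites=item_id)
    flash("Removed from favorite !:)")
    return redirect(url_for('profile.profile'))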
Example #4
def display_users():
    """Render the user-overview page.

    Passes every item, every user, and the users split by role (0 as
    buyers, 1 as sellers) to the 'profile/display-users.html' template.
    """
    # NOTE(review): whole User documents are handed to the template. Confirm
    # the view is restricted to administrators (no decorator is visible here)
    # and that the template never renders the stored password hash.
    context = {
        'buyer_user': User.objects(role=0),
        'seller_user': User.objects(role=1),
        'users': User.objects(),
        'items': Item.objects(),
    }
    return render_template('profile/display-users.html', **context)
Example #5
    def init_db():
        """Seed the database with three users, three items and three categories.

        Every seeded account stores the same pbkdf2_sha256 hash of the
        literal password '1234'. Returns a confirmation string.
        """
        # NOTE(review): the role=2 account (named 'Admin') shares the
        # well-known password '1234' with the other seed users. Confirm this
        # seeding can never run against a deployed instance, or take the
        # password from configuration instead of a literal.
        shared_hash = pbkdf2_sha256.hash('1234')
        seed_birthday = "2009-12-30 14:09:01"

        admin = User(username='******', password=shared_hash,
                     birthday=seed_birthday, email='*****@*****.**',
                     role=2, firstname='Admin', lastname='Admin').save()
        role_zero_user = User(username='******', password=shared_hash,
                              birthday=seed_birthday, email='*****@*****.**',
                              role=0, firstname='hesham', lastname='marei').save()
        role_one_user = User(username='******', password=shared_hash,
                             birthday=seed_birthday, email='*****@*****.**',
                             role=1, firstname='hamza', lastname='radaideh').save()

        # One item per seeded user, in the same order the users were created.
        Item(user=admin, title="First", description='First',
             date="2009-12-30 14:09:01", price="0", category='clothes').save()
        Item(user=role_zero_user, title="Sec", description='First',
             date="2020-12-30 14:09:01", price="0", category='clothes').save()
        Item(user=role_one_user, title="Third", description='First',
             date="2011-12-30 14:09:01", price="0", category='clothes').save()

        seed_categories = (
            ('1', 'Clothes'),
            ('2', 'Vehicles'),
            ('3', 'Digital Devices'),
        )
        for value, label in seed_categories:
            Category(value=value, label=label).save()

        return "Database initialized :)!"
Example #6
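def login():
    """Validate the submitted login credentials and start a session.

    On a valid form submission the user is looked up by username and
    checked with ``user.authenticate``; on success the serialized user is
    stored in the session. Both outcomes redirect to the home page, and a
    failed attempt additionally flashes a generic error message. Any other
    request renders the login form.
    """
    login_form = LoginForm()

    # Nothing was submitted, or the form did not validate: show the form.
    if not login_form.validate_on_submit():
        return render_template('login/login.html', form=login_form)

    username = login_form.username.data
    password = login_form.password.data

    user = User.objects(username=username).first()

    if user and user.authenticate(username, password):
        # NOTE(review): confirm that serialize() leaves out the password
        # hash; with Flask's default cookie-backed session the stored data
        # is signed but readable by the client.
        session['user'] = user.serialize()
    else:
        # The same message covers an unknown username and a wrong password,
        # so the response text does not reveal which accounts exist.
        flash("Login invalid. Please check your username and password.")

    # Both outcomes land on the home page. The original trailing
    # `return redirect("/profile")` sat after an if/else whose branches both
    # returned, so it could never run and has been dropped.
    return redirect(url_for('home.home'))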
Example #7
def edit_profile_user():
    """Show and process the form that edits the logged-in user's name.

    A GET request pre-fills the form from the session copy of the user. A
    valid submission writes the new first and last name to the database,
    refreshes the session copy and redirects to the home page.
    """
    account = User.objects(id=session["user"]['id']).first()
    form = EditProfile()

    if request.method == "GET":
        cached = session['user']
        form.new_first_name.data = cached['firstname']
        form.new_last_name.data = cached['lastname']

    if not form.validate_on_submit():
        return render_template("user/edit-profile.html", form=form)

    # NOTE(review): `account` is None when the session refers to a user that
    # no longer exists; the assignments below would then raise.
    account.firstname = form.new_first_name.data
    account.lastname = form.new_last_name.data
    account.save()

    # Keep the session copy in step with what was just saved.
    session['user'] = account.serialize()

    return redirect(url_for('home.home'))
Example #8
def home():
    """Render the home page with every user and every item.

    Neither query is filtered here, so any "unsold only" selection would
    have to be made by the template.
    """
    # NOTE(review): all User documents are passed to a general page; confirm
    # the template only reads the fields it is meant to show.
    return render_template('item/home.html',
                           user=User.objects(),
                           items=Item.objects())
Example #9
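def disable_user_list(user_id):
    """Set the "disable" attribute of the given user to True.

    According to the original note, a disabled user can't access anything
    on the site because of a decorator that is not part of this excerpt.
    Redirects to the user list afterwards.
    """
    user = User.objects(id=user_id).first()

    # first() returns None for an id that matches no user; without this guard
    # a stale or hand-edited id raised AttributeError instead of redirecting.
    if user is not None:
        user.disable = True
        user.save()

    # NOTE(review): no route or access-control decorator is visible here;
    # confirm only administrators can reach this state-changing view.
    return redirect(url_for('profile.display_users'))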
Example #10
def review_upgrade_requests():
    """Render the page where upgrade requests are reviewed.

    Builds one UpgradeRequest queryset per user, in the order the users are
    returned, and passes the list to the template. The original note says
    the page is meant for the Admin user to approve or decline requests.
    """
    upgrade_requests = [
        UpgradeRequest.objects(user=account).all()
        for account in User.objects()
    ]

    return render_template("notification/view-upgrades-requests.html",
                           upgrade_requests=upgrade_requests)
Example #11
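def review_buy_request():
    """Render the buy requests placed on the logged-in user's items.

    Looks up the user recorded in the session, collects that user's items
    and builds one BuyRequest queryset per item for the template.
    """
    current_user = User.objects(id=session['user']['id']).first()
    my_items = Item.objects(user=current_user)

    # The leftover debug print of the item queryset was removed; it wrote
    # item data to the server's stdout on every request.
    my_buy_requests = [BuyRequest.objects(item=item) for item in my_items]

    return render_template("notification/view-my-buy-request.html",
                           my_buy_requests=my_buy_requests)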
Example #12
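def view_favorite():
    """Render the logged-in user's favorited items.

    Reads the favorites list of the user recorded in the session and looks
    up each referenced item before passing them to the template.
    """
    favorite_ids = User.objects(id=session['user']['id']).get().favorites

    items = []
    for favorite_id in favorite_ids:
        item = Item.objects(id=favorite_id).first()
        # A favorite can outlive its item; first() then returns None, which
        # is skipped instead of being handed to the template.
        if item is not None:
            items.append(item)

    # The per-iteration debug print of the growing list was removed.
    return render_template("profile/user-favorite.html", items=items)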
Example #13
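def unlock_disable_user_user_list(user_id):
    """Set the "disable" attribute of the given user to False.

    The user can then use the site as usual again. Flashes a confirmation
    naming the account and redirects to the user list.
    """
    user = User.objects(id=user_id).first()

    # first() returns None for an id that matches no user; without this guard
    # a stale or hand-edited id raised AttributeError instead of redirecting.
    if user is not None:
        user.disable = False
        user.save()
        flash(f"Account '{user.username}' has been unlocked.!")

    # NOTE(review): no route or access-control decorator is visible here;
    # confirm only administrators can reach this state-changing view.
    return redirect(url_for('profile.display_users'))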
Example #14
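def edit_item(item_id):
    """Show and process the form a Seller uses to edit one of their items.

    A GET request pre-fills the form from the stored item. On a valid
    submission the item is only changed when the logged-in user owns it;
    otherwise a "not allowed" message is flashed. Either way the submission
    ends with a redirect to the home page.
    """
    edit_item_form = EditItemForm()
    edit_item_form.category.choices = [
        (category.value, category.label) for category in Category.objects()
    ]

    item = Item.objects(id=item_id).first()

    # An unknown id used to raise AttributeError further down. It now gets
    # the same answer as an item owned by someone else, so the response does
    # not distinguish "missing" from "not yours".
    if item is None:
        flash("Action Not Allowed: Editing an item you don't own.")
        return redirect(url_for('home.home'))

    if request.method == "GET":
        edit_item_form.title.data = item.title
        edit_item_form.description.data = item.description
        edit_item_form.price.data = item.price
        edit_item_form.category.data = item.category

    if edit_item_form.validate_on_submit():
        user = User.objects(id=session['user']['id']).first()

        # Require a real user: if the session user no longer exists and the
        # item has no owner, `None == None` would otherwise pass the check.
        if user is not None and user == item.user:
            item.title = edit_item_form.title.data
            item.description = edit_item_form.description.data
            item.price = edit_item_form.price.data
            item.category = edit_item_form.category.data

            item.save()

            flash("Your item has been edited successfully.")
        else:
            flash("Action Not Allowed: Editing an item you don't own.")

        return redirect(url_for('home.home'))

    return render_template("item/edit-item.html", form=edit_item_form)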
Example #15
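def delete_item(item_id):
    """Delete one of the logged-in Seller's own items.

    The item is removed only when the user recorded in the session owns it;
    any other case flashes a "not allowed" message. Always redirects to the
    home page.
    """
    item = Item.objects(id=item_id).first()
    user = User.objects(id=session['user']['id']).first()

    # Both lookups can return None (unknown item id, or a session that refers
    # to a removed user). The original dereferenced `item` unconditionally and
    # let `None == None` count as ownership; both cases are now refused.
    if item is not None and user is not None and user == item.user:
        # The delete stays scoped to the owner in the query itself, and a
        # queryset delete does not fail if the item vanished in the meantime.
        Item.objects(id=item_id, user=session['user']['id']).delete()

        flash('Item has been deleted')
    else:
        flash("Action Not Allowed: Deleting an item you don't own.")

    return redirect(url_for("home.home"))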
Example #16
def change_password():
    """Show and process the form that changes the logged-in user's password.

    Kept separate from "Edit Profile" for extra validation and separation
    of concerns. A valid submission for an existing user calls
    ``user.change_password``, saves the user, flashes a success message and
    redirects back to this page; otherwise the form is rendered.
    """
    user = User.objects(id=session['user']['id']).first()
    form = ChangePasswordForm()

    if form.validate_on_submit() and user:
        # NOTE(review): the result of change_password() is ignored. Unless
        # it raises on a wrong current password, the success message below is
        # shown even when nothing changed - confirm against the User model.
        user.change_password(form.current_password.data,
                             form.new_password.data)
        user.save()
        flash("Your password has been successfully changed.")
        return redirect(url_for('user.change_password'))

    return render_template("user/change-password.html", form=form)
Example #17
def profile():
    """Render the profile page for the user recorded in the session."""
    session_user_id = session["user"]['id']
    account = User.objects(id=session_user_id).first()

    return render_template('profile/profile.html', user=account)
Example #18
def signup():
    """Create an account from the sign-up form.

    A valid submission stores a new User and redirects to the login page;
    any other request renders the sign-up form.
    """
    signup_form = SignUpForm()

    if not signup_form.validate_on_submit():
        return render_template("sign-up/sign-up.html", form=signup_form)

    # Only the fields listed here are copied from the form; the role is not
    # taken from user input.
    new_user = User()
    new_user.username = signup_form.username.data
    new_user.firstname = signup_form.firstname.data
    new_user.lastname = signup_form.lastname.data
    # Stores what encrypt_password() returns rather than the submitted text.
    new_user.password = new_user.encrypt_password(signup_form.password.data)
    new_user.email = signup_form.email.data
    new_user.birthday = signup_form.birthday.data

    # NOTE(review): no uniqueness check on username or email is visible
    # here; presumably the form or the model enforces it - confirm.
    new_user.save()

    return redirect(url_for("login.login"))
Example #19
def add_favorite(item_id):
    """Add an item to the logged-in Buyer's favorites list.

    The update is scoped to the user id stored in the session. Flashes a
    confirmation and redirects to the home page.
    """
    own_account = User.objects(id=session['user']['id'])

    # add_to_set only appends the id when it is not already in the list.
    # NOTE(review): item_id is stored as received; nothing here checks that
    # it refers to an existing item.
    own_account.update_one(add_to_set__favorites=item_id)

    flash("Added as favorite.")
    return redirect(url_for('home.home'))
Example #20
def disabled_list():
    """Render the list of users whose "disable" attribute is True.

    The original note says this page is for the Admin user to see which
    accounts they have locked.
    """
    locked_users = User.objects(disable=True)

    return render_template(
        'profile/blocked-list.html',
        users=locked_users,
        title="Blocked-List",
        icon='fas fa-users',
    )
Example #21
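def remove_user(user_id):
    """Remove the specified user from the database.

    Redirects to the user list afterwards, whether or not a user with that
    id existed.
    """
    user = User.objects(id=user_id).first()

    # first() returns None for an id that matches no user; calling delete()
    # on it raised AttributeError instead of redirecting.
    if user is not None:
        user.delete()

    # NOTE(review): no route or access-control decorator is visible here;
    # confirm only administrators can reach this destructive view.
    return redirect(url_for('profile.display_users'))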