Example #1
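def admin_post_mod(post_id):
    """Render the admin edit form for a single post.

    Users whose ``session['user_level']`` is 2 or lower may load any post;
    every other user may only load a post whose ``idusers`` equals their own
    ``session['user_id']``. Both queries bind their values through named
    placeholders rather than string formatting.

    Args:
        post_id: value matched against ``post.idpost``.

    Returns:
        The rendered ``admin-post-modify.html`` template, or a 404 apology
        when the query returns no row.
    """
    # NOTE(review): session['user_level'] and session['user_id'] are read
    # without a presence check, so a request without a session raises
    # KeyError unless a login guard wraps this view. None is visible in this
    # block -- confirm at the route definition.

    # No debug print() here: session identity and full post rows (including
    # unpublished drafts) do not belong in stdout / server logs.

    # load global options
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    if session['user_level'] <= 2:
        sql = "SELECT * FROM post WHERE idpost = :idpost"
        post = db.execute(sql, idpost=post_id)
    else:
        # Ownership is enforced in the query itself, so a post that belongs
        # to another user simply yields no row.
        sql = "SELECT * FROM post WHERE idpost = :idpost AND idusers = :id"
        post = db.execute(sql, idpost=post_id, id=session['user_id'])

    # An empty result means the post does not exist or is not owned by the
    # caller. Answer 404 in both cases (same apology() helper the other views
    # on this page use) instead of rendering the edit form with no data; one
    # response for both cases also avoids confirming which post ids exist.
    if len(post) == 0:
        return apology("Post not found", 404)

    return render_template("admin-post-modify.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           post=post)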
Example #2
def index():
    """Render the public homepage.

    Loads the site-wide options and menu, the "homepage" page record, and
    three post listings (lead post, further main posts, aside posts), then
    renders ``base.html``. Returns a 404 apology when ``load_page`` yields
    ``False``.
    """
    # site-wide settings and navigation
    site_options = global_options(db)
    site_menu = global_menu(db)

    # page record for the homepage; a False result is treated as "not found"
    homepage = load_page(db, "homepage")
    if homepage == False:
        return apology("Sorry, page not found", 404)

    # All three statements are constant strings: nothing from the request is
    # interpolated into them, and each one filters on is_visible=1.
    lead_query = "SELECT post.idpost, post.url, post.title, post.subtitle, post.photo as photo, post.tags, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=1 ORDER BY date DESC LIMIT 0,1;"
    others_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=1 ORDER BY date DESC LIMIT 1,9;"
    aside_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=2 ORDER BY date DESC LIMIT 3;"

    lead_post = db.execute(lead_query)
    aside_posts = db.execute(aside_query)
    other_posts = db.execute(others_query)

    return render_template(
        "base.html",
        opt=site_options,
        page=homepage,
        menu=site_menu,
        post_main=lead_post,
        post_aside=aside_posts,
        post_main_others=other_posts,
    )
Example #3
def page_url(page_url):
    """Render a public page looked up by its URL.

    Args:
        page_url: value handed to ``load_page`` to find the page record.

    Returns:
        The rendered ``base_page.html`` template, or a 404 apology when
        ``load_page`` yields ``False``.
    """
    # site-wide settings and navigation
    site_options = global_options(db)
    site_menu = global_menu(db)

    # NOTE(review): page_url reaches load_page() unmodified; how load_page
    # builds its query is not visible here -- confirm it binds the value as a
    # parameter like the db.execute() calls in the other views on this page.
    page_record = load_page(db, page_url)
    if page_record == False:
        return apology("Sorry, page not found", 404)

    print(f"homepage: {page_record}")
    return render_template(
        "base_page.html",
        opt=site_options,
        page=page_record,
        menu=site_menu,
    )
Example #4
def admin():
    """Show the admin login form, or skip it when a session already exists.

    A session that contains ``user_id`` is redirected to ``/admin/home``;
    otherwise the "login" page record, global options and menu are loaded and
    ``admin-login.html`` is rendered.
    """
    if 'user_id' not in session:
        # page record for the login screen
        # NOTE(review): unlike index(), the load_page() result is not checked
        # for False before it is passed to the template.
        login_page = load_page(db, "login")

        # site-wide settings and navigation
        site_options = global_options(db)
        site_menu = global_menu(db)

        return render_template(
            "admin-login.html",
            opt=site_options,
            page=login_page,
            menu=site_menu,
        )

    # the session already carries a user_id: go straight to the admin home
    return redirect("/admin/home")
Example #5
def admin_profile():
    """Render the profile page of the logged-in user.

    The user row is selected by ``session["user_id"]`` through a bound
    parameter, so a user can only ever load their own profile here.

    Returns:
        The rendered ``admin-profile.html`` template, or a 500 apology when
        no row matches the session's user id.
    """
    # site-wide settings, navigation and default admin page tags
    site_options = global_options(db)
    site_menu = global_menu(db)
    admin_page = admin_default_tags()

    # NOTE(review): SELECT * hands every users column to the template;
    # confirm the template does not echo credential columns.
    matches = db.execute("SELECT * FROM users WHERE id = :id",
                         id=session["user_id"])

    if len(matches) > 0:
        return render_template(
            "admin-profile.html",
            profile=matches[0],
            opt=site_options,
            menu=site_menu,
            page=admin_page,
        )

    # the session points at a user that is no longer in the table
    return apology("I can't find your user profile in database", 500)
Example #6
def admin_users():
    """Render the admin listing of all users together with their level.

    Joins ``users`` with ``users_level`` and orders the rows by level, then
    by e-mail, before rendering ``admin-users.html``.
    """
    # NOTE(review): no session['user_level'] check is visible in this block,
    # while admin_pages() on this page gates on level 1. Confirm the route
    # restricts who may list every account, and that the template does not
    # render credential columns -- the query selects users.*.

    # site-wide settings, navigation and default admin page tags
    site_options = global_options(db)
    site_menu = global_menu(db)
    admin_page = admin_default_tags()

    # every user with the matching users_level row (constant SQL, no input)
    user_rows = db.execute(
        "SELECT users.*, users_level.* FROM users, users_level WHERE users.idusers_level = users_level.idusers_level ORDER BY users.idusers_level ASC, users.email ASC"
    )

    return render_template(
        "admin-users.html",
        opt=site_options,
        menu=site_menu,
        page=admin_page,
        rows=user_rows,
    )
Example #7
def post_url(post_url):
    """Render a public, visible post looked up by its URL.

    Args:
        post_url: value bound to the ``:url`` placeholder of the lookup.

    Returns:
        The rendered ``base_post.html`` template with a human-readable
        ``date_label`` added to the post row, or a 404 apology when no
        visible post matches.
    """
    # site-wide settings and navigation
    site_options = global_options(db)
    site_menu = global_menu(db)

    # The URL is passed as a bound parameter, and is_visible=1 keeps drafts
    # out of the public view.
    matches = db.execute(
        "SELECT post.*, users.photo as user_photo, users.name FROM post, users WHERE post.idusers = users.id AND url = :url AND is_visible=1",
        url=post_url)
    if len(matches) == 0:
        return apology("Post not found", 404)

    article = matches[0]

    # turn the stored timestamp into a label such as "Monday, January 01, 2024"
    published = datetime.strptime(str(article['date']), '%Y-%m-%d %H:%M:%S')
    article['date_label'] = published.strftime("%A, %B %d, %Y")

    return render_template("base_post.html",
                           opt=site_options,
                           page=article,
                           menu=site_menu)
Example #8
def admin_pages():
    """Render the admin listing of site pages (user level 1 only).

    Any session whose ``user_level`` is not 1 is redirected to
    ``/admin/home`` before anything is loaded.
    """
    # authorization gate: only level 1 may manage pages
    # NOTE(review): session["user_level"] is indexed directly, so a request
    # without that key raises KeyError unless a login guard runs first; none
    # is visible in this block.
    caller_level = session["user_level"]
    if caller_level != 1:
        return redirect("/admin/home")

    # site-wide settings, navigation and default admin page tags
    site_options = global_options(db)
    site_menu = global_menu(db)
    admin_page = admin_default_tags()

    # all pages: locked first, then menu items, then visible ones
    page_rows = db.execute(
        "SELECT * FROM pages ORDER BY locked DESC, menu_item DESC, is_visible DESC"
    )

    return render_template(
        "admin-pages.html",
        opt=site_options,
        menu=site_menu,
        page=admin_page,
        rows=page_rows,
    )
Example #9
def admin_drafts():
    """Render the admin listing of draft posts (``is_visible=0``).

    Users with ``session['user_level']`` below 3 see the 20 most recent
    drafts of every author; all other users only see their own, selected by
    ``session['user_id']`` through a bound parameter.
    """
    # site-wide settings, navigation and default admin page tags
    site_options = global_options(db)
    site_menu = global_menu(db)
    admin_page = admin_default_tags()

    if session['user_level'] >= 3:
        # restricted level: the author filter is part of the query itself
        own_drafts_sql = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=0 AND post.idusers=:id_linked_user ORDER BY post.date DESC LIMIT 20"
        draft_rows = db.execute(own_drafts_sql,
                                id_linked_user=session['user_id'])
    else:
        # levels below 3: drafts from every author
        all_drafts_sql = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=0 ORDER BY post.date DESC LIMIT 20"
        draft_rows = db.execute(all_drafts_sql)

    return render_template(
        "admin-drafts.html",
        opt=site_options,
        menu=site_menu,
        page=admin_page,
        rows=draft_rows,
    )
Example #10
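def admin_users_detail(id):
    """Render the admin detail/edit view for one user.

    Args:
        id: value bound to the ``:id`` placeholder matched against
            ``users.id``.

    Returns:
        The rendered ``admin-users-detail.html`` template with the user row
        and the list of user levels, or a 404 apology when no user matches.
    """
    # NOTE(review): the user id comes from the caller and no
    # session['user_level'] or ownership check is visible in this block, so
    # as written any request that reaches this view can load any user's row
    # (SELECT * -- every column). Confirm the route restricts access, and
    # which level is meant to manage users.

    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    sql = "SELECT * FROM users WHERE id = :id "
    content = db.execute(sql, id=id)

    # An unknown id is a client-side "not found", not a server fault: answer
    # 404 like the other lookups on this page instead of 500.
    if len(content) == 0:
        return apology("User not found", 404)

    # load user levels
    user_level = db.execute(
        "SELECT * FROM users_level ORDER BY idusers_level ASC")

    return render_template("admin-users-detail.html",
                           profile=content[0],
                           user_level=user_level,
                           opt=opt,
                           menu=menu,
                           page=this_page)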
Example #11
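def admin_page_mod(page_id):
    """Render the admin edit form for a single site page (user level 1 only).

    Any session whose ``user_level`` is not 1 is redirected to
    ``/admin/home`` before anything is loaded.

    Args:
        page_id: value bound to the ``:idpages`` placeholder matched against
            ``pages.idpages``.

    Returns:
        The rendered ``admin-page-modify.html`` template, a redirect for
        non-level-1 users, or a 404 apology when no page matches.
    """
    # SECURITY USER LEVEL CHECK
    # This is the single authorization gate for the view. A second
    # `user_level == 1` test after it could never fail, so its else-branch
    # (an apology sent with status 301, a redirect code) was unreachable.
    # NOTE(review): session["user_level"] is indexed directly; a request
    # without that key raises KeyError unless a login guard runs first.
    if session["user_level"] != 1:
        return redirect("/admin/home")

    # load global options
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # load the page row; the id is passed as a bound parameter
    sql = "SELECT * FROM pages WHERE idpages = :idpages"
    post = db.execute(sql, idpages=page_id)

    # Unknown page id: answer 404 (same apology() helper the other views on
    # this page use) rather than rendering the edit form with no data.
    if len(post) == 0:
        return apology("Sorry, page not found", 404)

    return render_template("admin-page-modify.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           post=post)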