def admin_post_mod(post_id):
    """Render the post-edit form for the post identified by ``post_id``.

    Sessions whose ``user_level`` is 2 or lower may load any post. Every
    other level is limited to posts whose ``idusers`` column equals the
    session's ``user_id``. ``post_id`` only reaches the database as the
    named parameter ``:idpost``, never through string formatting.
    """
    print(f"post_id:{post_id}")

    # Values shared by every admin template.
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # NOTE(review): the session keys are indexed directly and no login check
    # is visible inside this view; presumably a decorator or request hook
    # outside this block enforces authentication -- confirm.
    # NOTE(review): the prints in this function write session identifiers and
    # the full post row to stdout; check where that output is collected.
    print(f"user_id {session['user_id']}")
    print(f"user_level {session['user_level']}")

    may_edit_any_post = session['user_level'] <= 2
    if may_edit_any_post:
        post = db.execute("SELECT * FROM post WHERE idpost = :idpost",
                          idpost=post_id)
    else:
        # Ownership is enforced in the query itself, so a post owned by
        # another user produces an empty result instead of an error.
        post = db.execute(
            "SELECT * FROM post WHERE idpost = :idpost AND idusers = :id",
            idpost=post_id,
            id=session['user_id'])

    print(f"loaded post: {post}")
    # NOTE(review): ``post`` is handed over as returned by db.execute(); an
    # unknown or foreign post_id is not rejected here, so the template must
    # cope with an empty result -- confirm.
    return render_template("admin-post-modify.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           post=post)
def index():
    """Render the public homepage with its three post listings.

    Runs three fixed queries over visible posts: the newest post in place 1,
    the following nine posts in place 1, and three posts in place 2. None of
    the queries takes request input.
    """
    opt = global_options(db)
    menu = global_menu(db)

    # Metadata for the "homepage" entry; load_page() signals a miss by
    # returning a value equal to False.
    this_page = load_page(db, "homepage")
    if this_page == False:
        return apology("Sorry, page not found", 404)

    # Newest visible post in place 1 (the lead story).
    lead_query = "SELECT post.idpost, post.url, post.title, post.subtitle, post.photo as photo, post.tags, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=1 ORDER BY date DESC LIMIT 0,1;"
    # The nine visible place-1 posts that follow the lead story.
    more_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=1 ORDER BY date DESC LIMIT 1,9;"
    # Three visible posts in place 2 (the sidebar).
    side_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=1 AND post.idpost_place=2 ORDER BY date DESC LIMIT 3;"

    lead_posts = db.execute(lead_query)
    side_posts = db.execute(side_query)
    more_posts = db.execute(more_query)

    return render_template("base.html",
                           opt=opt,
                           page=this_page,
                           menu=menu,
                           post_main=lead_posts,
                           post_aside=side_posts,
                           post_main_others=more_posts)
def page_url(page_url):
    """Render the public page registered under the URL slug ``page_url``.

    The slug is passed to load_page() unchanged; a result equal to False is
    answered with a 404 apology.
    """
    opt = global_options(db)
    menu = global_menu(db)

    this_page = load_page(db, page_url)
    if this_page == False:
        return apology("Sorry, page not found", 404)

    # Debug output: writes the loaded page record to stdout.
    print(f"homepage: {this_page}")
    return render_template("base_page.html",
                           opt=opt,
                           page=this_page,
                           menu=menu)
def admin():
    """Show the admin login form, or send a logged-in session to /admin/home.

    A session counts as logged in when it contains the key ``user_id``; the
    value stored under that key is not inspected here.
    """
    if 'user_id' not in session:
        # No session yet: load the "login" page metadata and the global
        # options, then show the login form.
        this_page = load_page(db, "login")
        opt = global_options(db)
        menu = global_menu(db)
        return render_template("admin-login.html",
                               opt=opt,
                               page=this_page,
                               menu=menu)

    # Already authenticated: skip the form.
    return redirect("/admin/home")
def admin_profile():
    """Render the profile page of the user held in the session.

    The lookup key is ``session["user_id"]`` only, so the view cannot be
    pointed at another account through request input. A session id without
    a matching row is answered with a 500 apology.
    """
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # NOTE(review): ``SELECT *`` hands every users column to the template;
    # if that table also stores credential material, restrict the column
    # list -- confirm against the schema.
    profile = db.execute("SELECT * FROM users WHERE id = :id",
                         id=session["user_id"])

    if len(profile) > 0:
        return render_template("admin-profile.html",
                               profile=profile[0],
                               opt=opt,
                               menu=menu,
                               page=this_page)

    return apology("I can't find your user profile in database", 500)
def admin_users():
    """Render the admin list of all users joined with their level record.

    Rows are ordered by level id, then by e-mail address. The query is fixed
    and takes no request input.
    """
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # NOTE(review): unlike admin_pages(), this view makes no user_level check
    # of its own, so whether every logged-in level may list all accounts
    # depends on guards outside this block -- confirm the intended policy.
    # NOTE(review): ``users.*`` passes every users column to the template;
    # if the table also stores credential material, narrow the column list.
    listing_query = "SELECT users.*, users_level.* FROM users, users_level WHERE users.idusers_level = users_level.idusers_level ORDER BY users.idusers_level ASC, users.email ASC"
    rows = db.execute(listing_query)

    return render_template("admin-users.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           rows=rows)
def post_url(post_url):
    """Render a single visible post selected by its URL slug.

    The slug is matched through the named parameter ``:url`` and only rows
    with ``is_visible=1`` are considered, so drafts are not served by this
    view. An unknown slug is answered with a 404 apology.
    """
    opt = global_options(db)
    menu = global_menu(db)

    matches = db.execute(
        "SELECT post.*, users.photo as user_photo, users.name FROM post, users WHERE post.idusers = users.id AND url = :url AND is_visible=1",
        url=post_url)
    if len(matches) == 0:
        return apology("Post not found", 404)

    entry = matches[0]
    # The stored date is parsed as 'YYYY-MM-DD HH:MM:SS' and a human-readable
    # label is added to the row, e.g. "Monday, January 01, 2024".
    published = datetime.strptime(str(entry['date']), '%Y-%m-%d %H:%M:%S')
    entry['date_label'] = published.strftime("%A, %B %d, %Y")

    return render_template("base_post.html", opt=opt, page=entry, menu=menu)
def admin_pages():
    """Render the admin list of pages; restricted to ``user_level`` 1.

    Any other level is redirected to /admin/home before a query runs.
    """
    # Authorization gate: only level 1 may manage pages.
    # NOTE(review): a session without "user_level" raises KeyError here;
    # presumably a login check outside this view runs first -- confirm.
    is_level_one = session["user_level"] == 1
    if not is_level_one:
        return redirect("/admin/home")

    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # Locked pages first, then menu items, then visible pages.
    page_rows = db.execute(
        "SELECT * FROM pages ORDER BY locked DESC, menu_item DESC, is_visible DESC"
    )

    return render_template("admin-pages.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           rows=page_rows)
def admin_drafts():
    """Render the 20 most recent drafts (posts with ``is_visible=0``).

    Sessions with ``user_level`` below 3 see drafts of every author; all
    other levels see only drafts whose ``idusers`` equals the session's
    ``user_id``, passed to the query as a named parameter.
    """
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    if session['user_level'] < 3:
        # Privileged levels: no author filter, hence no bound parameters.
        draft_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=0 ORDER BY post.date DESC LIMIT 20"
        bound = {}
    else:
        # Everyone else: scoped to the logged-in author inside the query.
        draft_query = "SELECT post.*, users.name FROM post, users WHERE post.idusers = users.id AND post.is_visible=0 AND post.idusers=:id_linked_user ORDER BY post.date DESC LIMIT 20"
        bound = {"id_linked_user": session['user_id']}

    rows = db.execute(draft_query, **bound)

    return render_template("admin-drafts.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           rows=rows)
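def admin_users_detail(id):
    """Render the admin detail form for the user with primary key ``id``.

    ``id`` is passed to the query as the named parameter ``:id``. An id with
    no matching row is answered with a 404 apology: the identifier comes
    from the caller, so a miss is a client error, not a server fault.
    The list of user levels is loaded for the template as well.
    """
    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    # NOTE(review): no user_level or ownership check is visible in this view,
    # so any caller who reaches it can load any account's full row by id.
    # Confirm that a guard outside this block restricts it to the intended
    # levels (admin_pages() checks for level 1 inline, for comparison).
    # NOTE(review): ``SELECT *`` passes every users column to the template;
    # if the table also stores credential material, narrow the column list.
    sql = "SELECT * FROM users WHERE id = :id "
    content = db.execute(sql, id=id)
    if len(content) == 0:
        return apology("User not found", 404)

    # All available levels, in id order, for the template.
    user_level = db.execute(
        "SELECT * FROM users_level ORDER BY idusers_level ASC")

    return render_template("admin-users-detail.html",
                           profile=content[0],
                           user_level=user_level,
                           opt=opt,
                           menu=menu,
                           page=this_page)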
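def admin_page_mod(page_id):
    """Render the page-edit form for ``page_id``; restricted to level 1.

    Any other ``user_level`` is redirected to /admin/home before a query
    runs. ``page_id`` reaches the database only as the named parameter
    ``:idpages``.
    """
    # Authorization gate: only level 1 may manage pages. This is the single
    # access decision in the view. The original repeated the test after the
    # gate with an else branch that could never run (and that would have
    # answered with status 301); that dead branch is dropped.
    if session["user_level"] != 1:
        return redirect("/admin/home")

    opt = global_options(db)
    menu = global_menu(db)
    this_page = admin_default_tags()

    sql = "SELECT * FROM pages WHERE idpages = :idpages"
    post = db.execute(sql, idpages=page_id)

    # NOTE(review): ``post`` is handed over as returned by db.execute(); an
    # unknown page_id is not rejected here, so the template must cope with
    # an empty result -- confirm.
    return render_template("admin-page-modify.html",
                           opt=opt,
                           menu=menu,
                           page=this_page,
                           post=post)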