Esempio n. 1
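def updateIncident():
    '''
    updateIncident() is called by the ajax call to update the incident
    -requires a logged-in session (a UID in the session)
    -reads all fields from the request's query string
    -calls a function in the DAO to update the incident table
    -returns {'success': <DAO result>} as JSON to the front end

    NOTE(review): nothing in this function ties `reportID` to the logged-in
    user. The DAO call does not receive the UID, so unless ownership is
    enforced somewhere not visible here, the update is not restricted to
    the original reporter -- TODO confirm and add the check.

    NOTE(review): the fields arrive via request.args (query string), so a
    state-changing request is made with GET parameters and the incident
    text ends up in URLs and access logs. Moving the ajax call to POST with
    a CSRF token needs a matching front-end change.
    '''
    # An unauthenticated request used to fail with a KeyError (HTTP 500);
    # answer it explicitly and never reach the DAO.
    if 'UID' not in session:
        return jsonify({'success': False}), 401

    conn = incidentReporter.getConn('c9')

    #get all the information from the fields on the front end
    fields = ('reportID', 'anonymousToReported', 'anonymousToAll',
              'advocateID', 'reportedID', 'location', 'date', 'category',
              'description')
    # Missing fields come through as None, exactly as request.args.get gives.
    values = [request.args.get(field) for field in fields]

    #call to DAO (argument order matches `fields`)
    success = incidentReporter.updateIncident(conn, *values)

    #return success message
    return jsonify({'success': success})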
Esempio n. 2
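def attachment(reportID):
    '''
    attachment(reportID) returns the file stored with the incident report
    that has the given ID.

    Responses:
    - 401 when no user is logged in
    - 404 when the DAO returns no stored file
    - otherwise the raw bytes, typed from the file's leading bytes

    NOTE(review): only "is someone logged in" is checked here. Whether this
    user may see this particular report's attachment is not decided in this
    function -- confirm it is enforced elsewhere or add it.
    '''
    # No login check was visible in this route although it serves report
    # evidence; every other report route reads session['UID'].
    if 'UID' not in session:
        return Response(status=401)

    conn = incidentReporter.getConn('c9')
    record = incidentReporter.getAttachment(conn, reportID)
    # presumably getAttachment returns None or a row without data when the
    # report has no file; verify against the DAO.
    file = record['file'] if record else None
    if not file:
        return Response(status=404)

    # imghdr.what() returns None for anything it does not recognise, which
    # previously crashed the string concatenation. Only the image types the
    # upload form accepts are served as images; everything else is sent as
    # an opaque download. ('attachment/<type>' is not a registered MIME type.)
    kind = imghdr.what(None, file)
    if kind in ('jpeg', 'gif', 'png'):
        mimetype = 'image/' + kind
    else:
        mimetype = 'application/octet-stream'

    response = Response(file, mimetype=mimetype)
    # The type is derived from the first bytes only, so tell the browser not
    # to second-guess it by sniffing the rest of the user-supplied content.
    response.headers['X-Content-Type-Options'] = 'nosniff'
    return response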
Esempio n. 3
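def incidentReport():
    '''
    incidentReport() houses the main incident report form for students
    - On GET, displays form
    - On POST, stores the incident report (with the optional uploaded file)
      and redirects to the student inbox

    Raises Exception when an uploaded file is not recognised as one of the
    accepted types.
    '''
    # NOTE(review): this Lock is created anew on every call, so it never
    # makes one request wait for another. If serialising inserts was the
    # intent, it needs a lock shared across requests or a DB transaction.
    # `with` at least guarantees the release on every exit path; three of
    # the original return paths never released it.
    reportLock = Lock()
    with reportLock:
        conn = incidentReporter.getConn('c9')
        uid = session['UID']
        userType = session['role']
        admin = session.get('admin')
        if request.method == 'GET':
            facStaff = incidentReporter.getFacStaff(conn)
            return render_template('incidentReport.html',
                                   userID=uid,
                                   admin=admin,
                                   userType=userType,
                                   facStaff=facStaff,
                                   submit=True,
                                   incidentInfo=None,
                                   page_title="incident report")

        rID = request.form['faculty']
        aID = request.form['advocate']

        # a person cannot report themselves. Form values are always strings
        # while the session UID may be a number, so compare as strings;
        # otherwise the check can never match.
        if str(uid) == str(rID):
            flash('Error: you cannot report yourself')
            return redirect(request.referrer)

        # update database with information from a valid report
        info = request.form

        # Browsers submit an empty, nameless file part when the file input
        # is left blank, so "no upload" is a missing part OR an empty name.
        f = request.files.get('file')
        if f is None or not f.filename:
            upload = None
        else:
            # NOTE(review): imghdr only inspects the leading bytes and has no
            # PDF detector, so 'pdf' is never returned and PDF uploads are
            # rejected here despite being listed. The check also says
            # nothing about the rest of the file's content or its size.
            mime_type = imghdr.what(f.stream)
            if mime_type not in ['jpeg', 'gif', 'png', 'pdf']:
                raise Exception(
                    'Not a JPEG, GIF, PNG, or PDF: {}'.format(mime_type))
            upload = f.read()

        incidentReporter.insertIncident(conn, info, uid, rID, aID, upload)
        return redirect(
            url_for('studentInbox',
                    userType=userType,
                    admin=admin,
                    page_title="student inbox"))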
Esempio n. 4
def deleteIncident(id):
    ''' Delete the incident report with the given ID, then render the home
        page for the logged-in user.

        NOTE(review): the intended rule is that only the original reporter
        can delete a report, but this function does not enforce it. The
        session UID is read only to fill the template and is never compared
        with the report's reporter, and the DAO call receives just the ID.
        Unless the check lives somewhere not visible here, add it before
        the delete.
    '''
    dbConn = incidentReporter.getConn('c9')
    context = {'userID': session['UID'], 'page_title': "home"}
    incidentReporter.deleteIncident(dbConn, id)
    return render_template('home.html', **context)
Esempio n. 5
def getAggregateDataMetrics():
    '''
    Helper that keeps the data analysis out of the route: loads the
    aggregate incident data once and runs each metric helper on it.

    Returns a 4-tuple, in this order: incidents this week, incidents by
    reported person, incidents by location, incidents by category.
    '''
    dbConn = incidentReporter.getConn('c9')
    allIncidents = incidentReporter.getAllIncidentsAggregate(dbConn)

    # Each helper receives the same incident data; evaluation order is
    # week, reported, location, category.
    return (
        getNumIncidentsThisWeek(allIncidents),
        getIncidentsThisReported(allIncidents),
        getIncidentByLocation(allIncidents),
        getIncidentByCategory(allIncidents),
    )
Esempio n. 6
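def studentInbox():
    '''
    This route renders the student inbox which displays all incidents reported by student

    The incident list is scoped to the logged-in user: the DAO is queried
    with the UID taken from the session, not from the request.
    '''
    conn = incidentReporter.getConn('c9')
    uid = session['UID']
    userType = session['role']
    isAdmin = session['admin']
    incidentsList = incidentReporter.getAllReportedStudent(conn, uid)
    # The other routes that render inbox.html pass the flag as `admin`;
    # this one passed only `isAdmin`. Both names are supplied so the shared
    # template sees the flag whichever name it reads.
    return render_template('inbox.html',
                           userType=userType,
                           admin=isAdmin,
                           isAdmin=isAdmin,
                           userID=uid,
                           incidentsList=incidentsList,
                           page_title="student inbox")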
Esempio n. 7
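def adminInbox():
    '''
    This route renders the admin inbox which displays all reported incidents (for admin)

    Non-admin sessions are sent back to the home page with an error and the
    incident list is never loaded for them.
    '''
    uid = session['UID']
    userType = session['role']
    admin = session['admin']

    # The admin flag was read but never acted on, so as far as this function
    # shows, every logged-in user received the full incident list. Enforce
    # it here, before touching the database.
    if not admin:
        flash('Error: admin access required')
        return redirect(url_for('home'))

    conn = incidentReporter.getConn('c9')
    incidentsList = incidentReporter.getAllIncidentsInbox(conn)
    return render_template('inbox.html',
                           userType=userType,
                           admin=admin,
                           userID=uid,
                           incidentsList=incidentsList,
                           page_title="admin inbox")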
Esempio n. 8
def incidentDetailPage(id):
    '''Render the detail page for the incident with the given ID.

       Takes one parameter, id, the incident ID, and passes the incident
       record together with the session's user ID, role and admin flag to
       the template.

       NOTE(review): the record is fetched by ID alone. Nothing here checks
       that the logged-in user is the reporter, the named advocate or an
       admin, so access control for individual reports must be enforced
       elsewhere -- TODO confirm.
    '''
    dbConn = incidentReporter.getConn('c9')
    context = {
        'userID': session['UID'],
        'userType': session['role'],
        'admin': session.get('admin'),
    }
    context['incident'] = incidentReporter.getIncidentInfo(dbConn, id)
    context['page_title'] = "detail page"
    return render_template('incidentDetailPage.html', **context)
Esempio n. 9
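def join():
    ''' Join route for a user to create an account in our database.
        Additionally, performs the following:
        - rejects submissions with a missing or empty field
        - checks that passwords entered match each other
        - stores a salted bcrypt hash of the user's password
        - ensures the entered email doesn't already exist in our database
        - stores name, email, UID, login status, admin status, and user role in session

        Accounts are always created with admin status False, so nobody can
        grant themselves administrative rights through this form.

        NOTE(review): the role (`userType`) is stored exactly as submitted.
        If some roles carry extra privileges, it should be checked against
        the set of roles a self-registering user may pick -- the valid
        values are not visible here.

        Finally, redirects to home route.

        Expected problems are flashed; unexpected errors are printed to the
        server log and reported to the user with a generic message.
    '''
    try:
        name = request.form.get('name')
        email = request.form.get('email-j')
        userType = request.form.get('userType')
        passwd1 = request.form.get('password1')
        passwd2 = request.form.get('password2')

        # Two absent (or two empty) password fields compare equal, so check
        # for missing input first; an empty password must not be accepted.
        if not all((name, email, userType, passwd1, passwd2)):
            flash('please fill in every field')
            return redirect(url_for('home'))
        if passwd1 != passwd2:
            flash('passwords do not match')
            return redirect(url_for('home'))
        hashed = bcrypt.hashpw(passwd1.encode('utf-8'), bcrypt.gensalt())

        conn = incidentReporter.getConn('c9')
        curs = conn.cursor()
        try:
            # admin status is hard-coded to False, never taken from the form
            incidentReporter.insertNewUser(conn, hashed, name, email, False,
                                           userType)
        except MySQLdb.IntegrityError:
            flash('That email is already in the system')
            return redirect(url_for('home'))
        # same connection as the insert, so this is the new user's ID
        curs.execute('select last_insert_id()')
        row = curs.fetchone()
        uid = row[0]
        session['name'] = name
        session['email'] = email
        session['UID'] = uid
        session['logged_in'] = True
        session['role'] = userType
        session['admin'] = False
        return redirect(
            url_for('home', userID=uid, userType=userType, admin=False))
    except Exception as err:
        # Keep the exception text (which can contain database details) in
        # the server log, as login() does, instead of showing it to the user.
        print('form submission error ' + str(err))
        flash('form submission error')
        return redirect(url_for('home'))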
Esempio n. 10
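def home():
    '''
    Render the home page.

    When a user is logged in, their record is loaded from the database and
    passed to the template as `userInfo`; otherwise both `userID` and
    `userInfo` are None.
    '''
    uid = session.get('UID')

    # userInfo was only assigned inside the logged-in branch, so an
    # anonymous visit failed with an unbound-variable error.
    userInfo = None
    if uid:
        conn = incidentReporter.getConn('c9')
        # The debug prints of the UID and the user record were dropped so
        # account data is not written to the server's stdout.
        userInfo = incidentReporter.getUserInformation(conn, uid)
    return render_template('home.html',
                           userID=uid,
                           userInfo=userInfo)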
Esempio n. 11
def advocateInbox():
    '''
    Render the advocate inbox: every incident report in which the
    logged-in faculty/staff member is named as the advocate.

    The DAO is queried with the UID from the session, so the list is
    scoped to the current user.
    '''
    dbConn = incidentReporter.getConn('c9')
    currentUser = session['UID']
    context = {
        'userType': session['role'],
        'admin': session['admin'],
        'userID': currentUser,
    }
    context['incidentsList'] = incidentReporter.getAllReportedAdvocate(
        dbConn, currentUser)
    context['page_title'] = "advocate inbox"
    return render_template('inbox.html', **context)
Esempio n. 12
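def rate_movie(searchTerm=None, json=None):
    '''
    Render the movie list, optionally filtered by title.

    searchTerm -- title to search for; None or empty lists every movie
    json       -- accepted but not used by this function

    On GET returns the rendered 'movie-list.html'.
    NOTE(review): for any other method the function falls through and
    returns None, which the framework rejects; confirm the route is
    GET-only.
    '''
    conn = incidentReporter.getConn('wmdb')

    # An empty search term matched neither original branch and left
    # `movies` unassigned; treat it like "no search".
    if searchTerm:
        movies = incidentReporter.getMovieByTitle(conn, searchTerm)
    else:
        movies = incidentReporter.getAllMovies(conn)

    # None when nobody is logged in
    uid = session.get('UID')

    if request.method == 'GET':
        return render_template('movie-list.html',
                               movieList=movies,
                               userID=uid)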
Esempio n. 13
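def login():
    ''' Login route for users with existing accounts to log in.
        Additionally, performs the following:
        - looks the user up by email (parameterized query) and verifies the
          entered password against the stored bcrypt hash
        - flashes the same error for an incorrect password and for an email
          that is not yet in the system
        - on success stores name, email, UID (the user's BNUM), login
          status, admin status, and user role in session

        Finally, redirects to home page.

        Unexpected errors are printed to the server log, not shown to the
        user.

        NOTE(review): the unknown-email branch returns before any bcrypt
        work is done, so the two failure cases can differ in response time
        even though the message is identical.
    '''
    try:
        email = request.form.get('email')
        passwd = request.form.get('password')
        conn = incidentReporter.getConn('c9')
        curs = conn.cursor(MySQLdb.cursors.DictCursor)
        curs.execute(
            'SELECT BNUM,hashed,name,isAdmin,role FROM user WHERE email = %s',
            [email])
        person = curs.fetchone()
        if person is None:
            # Same response as wrong password, so no information about what went wrong
            flash('login incorrect. Try again or join')
            return redirect(url_for('home'))

        # The hash may come out of the database as text; bcrypt needs bytes.
        hashed = person['hashed']
        if not isinstance(hashed, bytes):
            hashed = hashed.encode('utf-8')

        # hashpw() returns bytes, so comparing its result with the text
        # value from the database is never equal on Python 3 and every
        # login was rejected. checkpw() compares bytes with bytes and does
        # so in constant time.
        if bcrypt.checkpw(passwd.encode('utf-8'), hashed):
            session['name'] = person['name']
            session['email'] = email
            session['UID'] = person['BNUM']
            session['logged_in'] = True
            session['admin'] = person['isAdmin']
            session['role'] = person['role']
            return redirect(url_for('home'))
        else:
            flash('login incorrect. Try again or join')
            return redirect(url_for('home'))
    except Exception as err:
        print('form submission error ' + str(err))
        return redirect(url_for('home'))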
Esempio n. 14
def editDetailPage(id):
    '''
    Render the edit page for an existing incident report.

    Takes one parameter, an incident report ID, and reuses the report form
    template with the stored incident pre-filled; changes are saved by the
    page via ajax.

    NOTE(review): the intended rule is that only students can edit reports
    (and presumably only their own), but this function checks neither the
    session role nor who reported the incident before loading it. Confirm
    the restriction is enforced elsewhere or add it here.
    '''
    #general set up
    dbConn = incidentReporter.getConn('c9')
    currentUser = session['UID']
    staffList = incidentReporter.getFacStaff(dbConn)
    existingReport = incidentReporter.getIncidentInfo(dbConn, id)
    role = session['role']

    #same template as for reporting an incident; submit=False marks this as
    #an edit and incidentInfo carries the values to pre-fill
    context = {
        'userID': currentUser,
        'facStaff': staffList,
        'userType': role,
        'submit': False,
        'incidentInfo': existingReport,
    }
    return render_template('incidentReport.html', **context)
Esempio n. 15
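def aggregate():
    '''
    aggregate shows the admin the data in helpful aggregated forms

    Non-admin sessions are sent back to the home page with an error and no
    metrics are computed for them.
    '''
    uid = session['UID']
    userType = session['role']
    admin = session['admin']

    # The admin flag was read but never acted on, so as far as this function
    # shows, any logged-in user could load the aggregate view. Enforce it
    # before any data is read.
    if not admin:
        flash('Error: admin access required')
        return redirect(url_for('home'))

    #uses helper function to get all metrics to pass to the front end.
    #The helper opens its own connection; the one this route used to open
    #was never used and has been dropped.
    (numIncidentsThisWeek, incidentByReported, incidentByLocation,
     incidentByCategory) = getAggregateDataMetrics()

    return render_template('aggregate.html',
                           userID=uid,
                           admin=admin,
                           userType=userType,
                           numWeek=numIncidentsThisWeek,
                           reportedCounts=incidentByReported,
                           locationCounts=incidentByLocation,
                           categoryCounts=incidentByCategory,
                           page_title="aggregate data")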
Esempio n. 16
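def updateRating():
    '''
    Store the logged-in user's rating for a movie and flash the movie's new
    average rating.

    Reads 'tt' (movie ID) and 'stars' (rating) from the posted form, then
    redirects back to the referring page. Requests that are not POST, come
    from a logged-out user, or fail in the DAO are redirected back as well,
    the latter two with a flashed message.

    NOTE(review): 'tt' and 'stars' are passed to the DAO as received;
    presumably it range-checks the rating and uses parameterized queries --
    verify against incidentReporter.
    '''
    # request.referrer is absent when the client sends no Referer header;
    # redirecting to None fails, so fall back to the home page.
    back = request.referrer or url_for('home')

    # Previously a non-POST request fell through and returned None.
    if request.method != 'POST':
        return redirect(back)

    if 'UID' not in session:
        flash("you must be logged in to rate a movie")
        return redirect(back)
    uid = session['UID']

    try:
        conn = incidentReporter.getConn('wmdb')
        tt = request.form.get('tt')
        rating = request.form.get('stars')

        incidentReporter.updateUserRating(conn, uid, tt, rating)
        newAvg = incidentReporter.calculateAverage(conn, tt)

        flash("New average rating of " + str(newAvg['avg_rating']))
        return redirect(back)

    except Exception:
        # Best-effort by design: the user gets a generic message. A bare
        # `except:` would also have swallowed interpreter-exit signals.
        flash("please try again later")
        return redirect(back)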
Esempio n. 17
'''
testData.py
CS304 SP19 Final Project
Julia Klugherz, Karina Lin, Katherine Gao

This is a python file to read a JSON file of test data that we can insert
into our SQL database more efficiently.
'''

import json, incidentReporter, bcrypt

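# Load the test accounts. Each object is expected to carry the keys
# 'password', 'name', 'email', 'adminStatus' and 'role'.
# NOTE(review): the passwords in testData.json are plaintext and the file can
# create admin accounts (via 'adminStatus'); keep it to throwaway test
# credentials and test databases.
with open('testData.json', 'r') as f:
    users = json.load(f)

# One connection serves every insert; opening a new one per user left a
# connection behind for each row.
conn = incidentReporter.getConn('c9')

# for each object in the parsed JSON file we hash the user's password and
# then add that and all their information (name, email, administrative status, role) into
# our database using the insertNewUser function from incidentReporter.py
for user in users:
    # only the salted bcrypt hash is stored, never the plaintext password
    hashed = bcrypt.hashpw(user['password'].encode('utf-8'), bcrypt.gensalt())
    name = user['name']
    email = user['email']
    isAdmin = user['adminStatus']
    role = user['role']
    incidentReporter.insertNewUser(conn, hashed, name, email, isAdmin, role)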