def record(id): record = get_record(id) activity = get_activity(record['activity_id']) if request.method == 'POST': title = request.form['title'] description = request.form['description'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() finished_at = datetime.datetime.now() db.execute( 'UPDATE record SET finished_at = ?, is_active = ?, title = ?, description = ?' ' WHERE id = ?,', (finished_at, False, id, title, description) ) db.commit() return redirect(url_for('selector.index')) if request.method == 'DELETE': db = get_db() db.execute('DELETE FROM record WHERE id = ?', (id,)) db.commit() if record['is_active']: return render_template('selector/active_record.html', record=record, activity=activity) return render_template('selector/inactive_record.html', record=record, activity=activity)
def test_get_close_db(app): with app.app_context(): db = get_db() assert db is get_db() with pytest.raises(sqlite3.ProgrammingError) as e: db.execute('SELECT 1') assert 'closed' in str(e.value)
def activity_create(): if request.method == 'POST': title = request.form['title'] description = request.form['description'] score = request.form['score'] category_id = request.form['category_id'] error = None if not title: error = 'title is required.' if not score: error = 'score is required.' if not category_id: error = 'category is required' if error is not None: flash(error) else: db = get_db() db.execute( 'INSERT INTO activity (title, description, score, category_id, user_id)' ' VALUES (?, ?, ?, ?, ?)', (title, description, score, category_id, g.user['id']) ) db.commit() return redirect(url_for('settings.index')) return render_template('settings/category_create.html')
def register(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] password_confirmation = request.form['password-confirmation'] db = get_db() error = None if not username: error = 'Username is required.' elif not password: error = 'Password is required.' elif not password_confirmation: error = 'Password is required.' elif not password_confirmation == password: error = 'Password confirmation doesn\'t match.' elif db.execute( 'SELECT id FROM user WHERE username = ?', (username,) ).fetchone() is not None: error = 'User {} is already registered.'.format(username) if error is None: db.execute( 'INSERT INTO user (username, password) VALUES (?, ?)', (username, generate_password_hash(password)) ) db.commit() return redirect(url_for('auth.login')) flash(error) return render_template('auth/register.html')
def load_logged_in_user(): user_id = session.get('user_id') if user_id is None: g.user = None else: g.user = get_db().execute( 'SELECT * FROM user WHERE id = ?', (user_id,) ).fetchone()
def test_update(client, auth, app): auth.login() assert client.get('/1/update').status_code == 200 client.post('/1/update', data={'title': 'updated', 'body': ''}) with app.app_context(): db = get_db() post = db.execute('SELECT * FROM post WHERE id = 1').fetchone() assert post['title'] == 'updated'
def test_create(client, auth, app): auth.login() assert client.get('/create').status_code == 200 client.post('/create', data={'title': 'created', 'body': ''}) with app.app_context(): db = get_db() count = db.execute('SELECT COUNT(id) FROM post').fetchone()[0] assert count == 2
def test_delete(client, auth, app): auth.login() response = client.post('/1/delete') assert response.headers['Location'] == 'http://localhost/' with app.app_context(): db = get_db() post = db.execute('SELECT * FROM post WHERE id = 1').fetchone() assert post is None
def category(): category = get_category(id) if request.method == 'POST': db = get_db() db.execute( 'UPDATE record SET finished_at = ?, is_active = ?' ' WHERE id = ?,', (False, False, id) ) db.commit() return redirect(url_for('settings.index')) if request.method == 'DELETE': db = get_db() db.execute('DELETE FROM record WHERE id = ?', (id,)) db.commit() return render_template('settings/category.html', category=category)
def start(activity_id): db = get_db() cursor = db.cursor() cursor.execute( 'INSERT INTO record (is_active, user_id, activity_id)' ' VALUES (?, ?, ?)', (True, g.user['id'], activity_id) ) db.commit() cratedRecordId = cursor.lastrowid return redirect(url_for('selector.record', id=cratedRecordId))
def test_register(client, app): assert client.get('/auth/register').status_code == 200 response = client.post('/auth/register', data={ 'username': '******', 'password': '******' }) assert 'http://localhost/auth/login' == response.headers['Location'] with app.app_context(): assert get_db().execute( "select * from user where username = '******'", ).fetchone() is not None
def test_author_required(app, client, auth): # change the post author to another user with app.app_context(): db = get_db() db.execute('UPDATE post SET author_id = 2 WHERE id = 1') db.commit() auth.login() # current user can't modify other user's post assert client.post('/1/update').status_code == 403 assert client.post('/1/delete').status_code == 403 # current user doesn't see edit link assert b'href="/1/update"' not in client.get('/').data
def settings(): db = get_db() categories = db.execute( ' SELECT id, title, description, is_positive, icon, user_id' ' FROM category' ).fetchall() category_activities = {} for category in categories: activities = db.execute( ' SELECT id, title, description, score, icon, category_id' ' FROM activity WHERE category_id = {}'.format(category['id']) ).fetchall() category_activities[category['id']] = activities return render_template('settings/settings.html', activities=category_activities, categories=categories)
def get_record(id, check_user=True): record = get_db().execute( ' SELECT r.id, started_at, r.title, r.description, activity_id, r.user_id, a.title, is_active' ' FROM record r JOIN activity a ON r.activity_id = a.id' ' WHERE r.id = ?', (id,) ).fetchone() if record is None: abort(404, "Record id {0} doesn't exist.".format(id)) if check_user and record['user_id'] != g.user['id']: abort(403) return record
def get_post(id, check_user=True): post = get_db().execute( 'SELECT p.id, title, body, created, author_id, username' ' FROM post p JOIN user u ON p.author_id = u.id' ' WHERE p.id = ?', (id,) ).fetchone() if post is None: abort(404, "Post id {0} doesn't exist.".format(id)) if check_user and post['author_id'] != g.user['id']: abort(403) return post
def get_category(id, check_user=True): category = get_db().execute( 'SELECT id, is_positive, description, icon, user_id' 'FROM category' 'WHERE id = ?', (id,) ).fetchone() if category is None: abort(404, "Post id {0} doesn't exist.".format(id)) if check_user and category['author_id'] != g.user['id']: abort(403) return category
def get_activity(id, check_user=True): activity = get_db().execute( ' SELECT a.id, a.title, a.description, score, a.icon, category_id, a.user_id, c.title' ' FROM activity a JOIN category c ON a.category_id = c.id' ' WHERE a.id = ?', (id,) ).fetchone() if activity is None: abort(404, "Activity id {0} doesn't exist.".format(id)) if check_user and activity['user_id'] and activity['user_id'] != g.user['id']: abort(403) return activity
def create(category_id): if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'INSERT INTO activity (title, body, author_id)' ' VALUES (?, ?, ?)', (title, body, g.user['id']) ) db.commit() return redirect(url_for('selector.index')) return render_template('selector/create.html', category_id=category_id)
def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] db = get_db() error = None user = db.execute( 'SELECT * FROM user WHERE username = ?', (username,) ).fetchone() if user is None: error = 'Incorrect username.' elif not check_password_hash(user['password'], password): error = 'Incorrect password.' if error is None: session.clear() session['user_id'] = user['id'] return redirect(url_for('index')) flash(error) return render_template('auth/login.html')
def category_create(): if request.method == 'POST': title = request.form['title'] description = request.form['description'] is_positive = request.form['is_positive'] error = None if not title: error = 'title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'INSERT INTO category (title, description, is_positive, user_id)' ' VALUES (?, ?, ?, ?)', (title, description, is_positive, g.user['id']) ) db.commit() return redirect(url_for('settings.index')) return render_template('settings/category_create.html')
def update(id): post = get_post(id) if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'UPDATE post SET title = ?, body = ?' ' WHERE id = ?', (title, body, id) ) db.commit() return redirect(url_for('selector.index')) return render_template('selector/update.html', post=post)
def delete(id): get_post(id) db = get_db() db.execute('DELETE FROM post WHERE id = ?', (id,)) db.commit() return redirect(url_for('selector.index'))