def deleteUser(user_id): '''Serve a form to delete a user ''' user = DataManager.getUser(user_id) if user.id != login_session['user_id']: flash("You do not have permission to delete this profile") return redirect(url_for('user', user_id=user.id)) client_login_session = getClientLoginSession() if request.method == 'POST': if isCSRFAttack(request.form['hiddenToken']): return redirect(url_for('restaurantManagerIndex')) DataManager.deleteUser(user.id) flash("deleted " + user.name + " from " +\ "the database") # this is messy but needed because even though disconnect() -- which # deletes all of this information (confirmed with print statements) -- # has already run on "onsubmit" with submission of this form, # the login_session mysteriously still has all of this information del login_session['credentials'] del login_session['user_id'] del login_session['username'] del login_session['picture'] del login_session['email'] del login_session['picture_serve_type'] if 'gplus_id' in login_session: del login_session['gplus_id'] elif 'facebook_id' in login_session: del login_session['facebook_id'] return redirect(url_for('users')) return render_template('DeleteUser.html', user=user, hiddenToken=login_session['state'], client_login_session=client_login_session)
def restaurant(restaurant_id): '''Serve info about a restaurant ''' client_login_session = getClientLoginSession() restaurant = DataManager.getRestaurant(restaurant_id) owner = DataManager.getUser(restaurant.user_id) restaurantMenuItems = DataManager.\ getRestaurantMenuItems(restaurant_id=restaurant_id) cuisine = DataManager.getCuisine(cuisine_id=restaurant.cuisine_id) picture = DataManager.getPicture(restaurant.picture_id) numMenuItems = len(restaurantMenuItems) if numMenuItems > 0: mostExpensiveItem = restaurantMenuItems[0] for item in restaurantMenuItems: if item.price > mostExpensiveItem.price: mostExpensiveItem = item mostExpensiveItem.price =\ Decimal(mostExpensiveItem.price).\ quantize(Decimal('0.01')) mostExpensiveItem.price =\ Decimal(mostExpensiveItem.price).\ quantize(Decimal('0.01')) else: mostExpensiveItem = DataManager.\ getBaseMenuItem(baseMenuItem_id=-1) mostExpensiveItem.name = 'N/A' mostExpensiveItem.price = 'N/A' return render_template('Restaurant.html', restaurant=restaurant, numMenuItems=numMenuItems, mostExpensiveItem=mostExpensiveItem, cuisine=cuisine, picture=picture, owner=owner, client_login_session=client_login_session)
def userJSON(user_id): '''JSON endpoint for a single user ''' user = DataManager.getUser(user_id) return jsonify(User=user.serialize)
def user(user_id): '''Serve a user's profile ''' client_login_session = getClientLoginSession() user = DataManager.getUser(user_id=user_id) picture = DataManager.getPicture(user.picture_id) userThings = DataManager.getUserThings(user.id) # calculate some stats to show loggedInStats = {} numRestaurants = 0 mostExpensiveRest = None mostExpensiveRestAvgPrice = None leastExpensiveRest = None leastExpensiveRestAvgPrice = None numMenuItems = 0 mostExpensiveMenuItem = None leastExpensiveMenuItem = None for restaurantID in userThings: numRestaurants = numRestaurants + 1 numItemsThisRestaurant = 0 totalRestaurantPrices = 0 thisRestaurantAvgItemPrice = None for menuSectionName in userThings[restaurantID]['items']: for item in userThings[restaurantID]['items'][menuSectionName]: item.price = Decimal(item.price).\ quantize(Decimal('0.01')) numMenuItems = numMenuItems + 1 numItemsThisRestaurant = numItemsThisRestaurant + 1 if mostExpensiveMenuItem is None: mostExpensiveMenuItem = item elif item.price > mostExpensiveMenuItem.price: mostExpensiveMenuItem = item elif (leastExpensiveMenuItem is None and numMenuItems > 1): leastExpensiveMenuItem = item elif (item.price < leastExpensiveMenuItem.price and numMenuItems > 1): leastExpensiveMenuItem = item totalRestaurantPrices = totalRestaurantPrices + item.price if numItemsThisRestaurant > 0: thisRestaurantAvgItemPrice = \ totalRestaurantPrices/numItemsThisRestaurant else: thisRestaurantAvgItemPrice = None if (mostExpensiveRest is None and numItemsThisRestaurant > 0): mostExpensiveRest = \ userThings[restaurantID]['restaurant'] mostExpensiveRestAvgPrice = thisRestaurantAvgItemPrice elif thisRestaurantAvgItemPrice > mostExpensiveRestAvgPrice: mostExpensiveRest = \ userThings[restaurantID]['restaurant'] mostExpensiveRestAvgPrice = thisRestaurantAvgItemPrice elif (leastExpensiveRest is None and numRestaurants > 1 and numItemsThisRestaurant > 0): leastExpensiveRest = \ userThings[restaurantID]['restaurant'] leastExpensiveRestAvgPrice = thisRestaurantAvgItemPrice elif (thisRestaurantAvgItemPrice < \ leastExpensiveRestAvgPrice and numRestaurants > 1): leastExpensiveRest = \ userThings[restaurantID]['restaurant'] leastExpensiveRestAvgPrice = thisRestaurantAvgItemPrice if mostExpensiveRestAvgPrice: mostExpensiveRestAvgPrice = \ Decimal(mostExpensiveRestAvgPrice).\ quantize(Decimal('0.01')) if leastExpensiveRestAvgPrice: leastExpensiveRestAvgPrice = \ Decimal(leastExpensiveRestAvgPrice).\ quantize(Decimal('0.01')) if (isLoggedIn() and login_session['user_id'] == user.id): # could put stats in a loginStats dictionary return render_template('PrivateUserProfile.html', user=user, picture=picture, userThings=userThings, numRestaurants=numRestaurants, numMenuItems=numMenuItems, mostExpensiveRest=mostExpensiveRest, mostExpensiveRestAvgPrice=mostExpensiveRestAvgPrice, leastExpensiveRest=leastExpensiveRest, leastExpensiveRestAvgPrice=leastExpensiveRestAvgPrice, mostExpensiveMenuItem=mostExpensiveMenuItem, leastExpensiveMenuItem=leastExpensiveMenuItem, client_login_session=client_login_session) else: return render_template('PublicUserProfile.html', user=user, picture=picture, userThings=userThings, numRestaurants=numRestaurants, numMenuItems=numMenuItems, client_login_session=client_login_session)
def editUser(user_id): '''Serve a form to edit a user ''' user = DataManager.getUser(user_id) if user.id != login_session['user_id']: flash("You do not have permission to edit this profile") return redirect(url_for('user', user_id=user.id)) client_login_session = getClientLoginSession() picture = DataManager.getPicture(user.picture_id) if request.method == 'POST': if isCSRFAttack(request.form['hiddenToken']): return redirect(url_for('restaurantManagerIndex')) oldName = user.name oldPicture = picture newName = validateUserInput(request.form['name'], 'name', 'edit', 'user', maxlength=30, oldInput=oldName, usernameFormat=True) providedPic = validateUserPicture('edit', 'user', file=request.files['pictureFile'], link=request.form['pictureLink'], maxlength=300) if providedPic is not None: # delete the old pic if it was an upload and new is a link # or save the new pic if it was an upload if (providedPic['serve_type'] == 'link' and oldPicture.serve_type == 'upload'): path = app.config['UPLOAD_FOLDER']+'/'+oldPicture.text os.remove(path) flash("deleted old uploaded pic") elif providedPic['serve_type'] == 'upload': picfilename = 'user' + str(user_id) request.files['pictureFile'].save(os.path.\ join(app.config['UPLOAD_FOLDER'], picfilename)) providedPic['text'] = picfilename # edit the pic DataManager.editPicture(user.picture_id, newText=providedPic['text'], newServe_Type=providedPic['serve_type']) picture = DataManager.getPicture(user.picture_id) login_session['picture'] = picture.text login_session['picture_serve_type'] = picture.serve_type flash("updated your picture!") # we edited the pic directly, no need to include here DataManager.editUser(user.id, newName=newName) if newName is not None: login_session['username'] = newName flash("changed your username from '" + oldName +\ "' to '"+newName+"'") return redirect(url_for('user', user_id=user.id)) else: return render_template('EditUser.html', user=user, picture=picture, hiddenToken=login_session['state'], client_login_session=client_login_session)