Exemple #1
0
def update(id):
    """Update a bookDataif the current manager is the author."""
    bookData = get_bookData(id)

    if request.method == 'POST':
        jyanru = request.form['jyanru']
        bookTitle = request.form['bookTitle']
        author = request.form['author']
        publisher = request.form['publisher']
        price = request.form['price']
        purchaseDate = request.form['purchaseDate']
        memo = request.form['memo']
        error = None

        if not bookTitle:
            error = 'bookTitle is required.'

        if error is not None:
            flash(error)
        else:
            db = get_db()
            db.execute(
                'UPDATE bookData SET jyanru = ?, bookTitle = ?, author = ?,  publisher = ?, price = ?, purchaseDate = ?, memo = ? WHERE id = ?',
                (jyanru, bookTitle, author, publisher, price, purchaseDate,
                 memo, id))
            db.commit()
            return redirect(url_for('bookKanri.index'))

    return render_template('bookKanri/update.html', bookData=bookData)
Exemple #2
0
def register():
    """Register a new manager.
    Validates that the managername is not already taken. Hashes the
    password for security.
    """
    if request.method == 'POST':
        managername = request.form['managername']
        password = request.form['password']
        db = get_db()
        error = None

        if not managername:
            error = 'managername is required.'
        elif not password:
            error = 'Password is required.'
        elif db.execute('SELECT id FROM manager WHERE managername = ?',
                        (managername, )).fetchone() is not None:
            error = 'manager {0} is already registered.'.format(managername)

        if error is None:
            # the name is available, store it in the database and go to
            # the login page
            db.execute(
                'INSERT INTO manager (managername, password) VALUES (?, ?)',
                (managername, generate_password_hash(password)))
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')
Exemple #3
0
def create():
    """Create a new bookDatafor the current manager."""
    if request.method == 'POST':
        jyanru = request.form['jyanru']
        bookTitle = request.form['bookTitle']
        author = request.form['author']
        publisher = request.form['publisher']
        price = request.form['price']
        purchaseDate = request.form['purchaseDate']
        memo = request.form['memo']
        error = None

        if not bookTitle:
            error = 'bookTitle is required.'

        if error is not None:
            flash(error)
        else:
            db = get_db()
            db.execute(
                'INSERT INTO bookData(jyanru, bookTitle, author, publisher, price, purchaseDate, memo, manager_id)'
                ' VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
                (jyanru, bookTitle, author, publisher, price, purchaseDate,
                 memo, g.manager['id']))
            db.commit()
            return redirect(url_for('bookKanri.index'))

    return render_template('bookKanri/create.html')
Exemple #4
0
def index():
    """Show all the bookDatas, most recent first."""
    db = get_db()
    bookDatas = db.execute(
        'SELECT p.id, jyanru, bookTitle, author, publisher, price, purchaseDate, memo,  manager_id, managername, created'
        ' FROM bookData p JOIN manager u ON p.manager_id = u.id'
        ' ORDER BY jyanru, bookTitle').fetchall()
    return render_template('bookKanri/index.html', bookDatas=bookDatas)
Exemple #5
0
def delete(id):
    """Delete a bookData.
    Ensures that the bookDataexists and that the logged in manager is the
    author of the bookData.
    """
    get_bookData(id)
    db = get_db()
    db.execute('DELETE FROM bookData WHERE id = ?', (id, ))
    db.commit()
    return redirect(url_for('bookKanri.index'))
Exemple #6
0
def load_logged_in_manager():
    """If a manager id is stored in the session, load the manager object from
    the database into ``g.manager``."""
    manager_id = session.get('manager_id')

    if manager_id is None:
        g.manager = None
    else:
        g.manager = get_db().execute('SELECT * FROM manager WHERE id = ?',
                                     (manager_id, )).fetchone()
Exemple #7
0
def get_bookData(id, check_author=True):
    """Get a bookDataand its author by id.
    Checks that the id exists and optionally that the current manager is
    the author.
    :param id: id of bookDatato get
    :param check_author: require the current manager to be the author
    :return: the bookDatawith author information
    :raise 404: if a bookDatawith the given id doesn't exist
    :raise 403: if the current manager isn't the author
    """
    bookData = get_db().execute(
        'SELECT p.id, jyanru, bookTitle, author, publisher, price, purchaseDate, memo,  manager_id, managername'
        ' FROM bookData p JOIN manager u ON p.manager_id = u.id'
        ' WHERE p.id = ?', (id, )).fetchone()

    if bookData is None:
        abort(404, "bookData id {0} doesn't exist.".format(id))

    if check_author and bookData['manager_id'] != g.manager['id']:
        abort(403)

    return bookData
Exemple #8
0
def login():
    """Log in a registered manager by adding the manager id to the session."""
    if request.method == 'POST':
        managername = request.form['managername']
        password = request.form['password']
        db = get_db()
        error = None
        manager = db.execute('SELECT * FROM manager WHERE managername = ?',
                             (managername, )).fetchone()

        if manager is None:
            error = 'Incorrect managername.'
        elif not check_password_hash(manager['password'], password):
            error = 'Incorrect password.'

        if error is None:
            # store the manager id in a new session and return to the index
            session.clear()
            session['manager_id'] = manager['id']
            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')