def new(): """ Vista de creacion de un usuario, devuelve la vista en el metodo GET o valida en el metodo POST, si la validacion es correcta guarda el usuario en la base, si no flashea mensajes de error de las validaciones que fallaron """ if (request.method == 'POST'): if (check_token(request.form["csrf_token"])): nuevoUsuario = User( first_name=(sql_escape(request.form["nombre"])), password=request.form["password"], email=request.form["email"], last_name=(sql_escape(request.form["apellido"])), username=(request.form["usuario"])) try: nuevoUsuario.validate_and_save() flash("Usuario creado correctamente", "success") return redirect(url_for('users.index')) except AssertionError as e: flash_messages(str(e)) return render_template('user/new.html', last_form=request.form) else: return render_template('user/new.html') else: CSRF_TOKEN = generate_token() return render_template("user/new.html", CSRF_TOKEN_STRING=CSRF_TOKEN)
def index(): """ Vista del formulario de configuración """ configurations = Configuration.query.order_by(Configuration.name).all() configs = {} first_name = '' for element in configurations: name = element.name.split('.') if first_name != name[0]: first_name = name[0] configs_content = [] configs[name[0]] = configs_content content_elements = [element.name, element.value] configs[name[0]].append(content_elements) CSRF_TOKEN = generate_token() return render_template( "configuration/configuration.html", configs=configs, CSRF_TOKEN_STRING=CSRF_TOKEN )
def new(): """ Metodo para crear un nuevo turno Se debe mandar en el get los parametros inciales. """ if request.method == 'POST': try: form = request.form center_id = form["center-id"] date = form["date"] start_hour = f"{form['start-hour']}:{form['start-minute']}:00" CSRF_TOKEN = form["csrf_token"] center_name = Center.query.filter_by(id=center_id).first().name start_hour = datetime.strptime(start_hour, "%H:%M:%S") start_hour = datetime.strftime(start_hour, "%H:%M") date_center = datetime.strptime(form["date"], "%Y-%m-%d") if (not check_token(CSRF_TOKEN)): error = "Cómo perdiste el token csrf?? Acá tenes otro ¬.¬" error += " No lo pierdas..." flash(error, "error") return render_template('turn/new.html', center_id=center_id, center_name=center_name, date=date, start_hour=start_hour) new_turn = Turno( center=form["center-id"], email=form["email"], phone_number=form["phone"], date=date_center, hour_block=start_hour, ) new_turn.validate_and_save() date = date_center.date().strftime("%d/%m/%Y") flash("Turno creado correctamente", "success") return redirect( url_for('centers.turns_index', id=center_id, fecha=date)) except ValueError: flash("No se pudo guardar el turno. Intente nuevamente.", "error") return redirect(url_for("centers.index")) except AttributeError: center_name = "" error = ("El centro no existe, por favor vuelva a la vista de" + " turnos de un centro para seleccionar un nuevo turno") flash(error, "error") return redirect(url_for('centers.index')) except AssertionError as e: flash_messages(str(e)) return render_template( 'turn/new.html', center_id=center_id, center_name=center_name, date=date, start_hour=start_hour, last_form=request.form, CSRF_TOKEN_STRING=CSRF_TOKEN, ) elif request.method == 'GET': try: center_id = request.args.get("center_id") date = request.args.get("date") start_hour = request.args.get("start_hour") CSRF_TOKEN = generate_token() center_name = Center.query.filter_by(id=center_id).first().name datetime.strptime(date, "%Y-%m-%d") datetime.strptime(start_hour, "%H:%M:%S") return render_template('turn/new.html', center_id=center_id, center_name=center_name, date=date, start_hour=start_hour, CSRF_TOKEN_STRING=CSRF_TOKEN) except (AttributeError, ValueError): flash("Hubo un error, intente nuevamente crear un turno", "error") return redirect(url_for('centers.index', id=center_id))
def update(id): centers = { center.id: center.name for center in Center.query.filter_by(publication_state=True) } hours = [ "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23" ] if request.method == 'POST': form = request.form CSRF_TOKEN = form["csrf_token"] if not (check_token(request.form["csrf_token"])): return redirect(url_for('turns.update', id=id)) if (not form["center-id"].isnumeric()) or (int(form["center-id"]) not in centers.keys()): flash("El centro no existe o esta deshabilitado", "error") return redirect(url_for('turns.show', id=id)) try: turn = Turno.query.filter_by(id=id).first() old_turn = Turno.query.filter_by(id=id).first() new_date = datetime.strptime(form["datepicker"], "%d/%m/%Y") new_hour = f"{form['start-hour']}:{form['start-minute']}" datetime.strptime(new_hour, "%H:%M") if not turn: abort(400) turn.phone_number = form["phone"] turn.email = form["email"] turn.center = int(form["center-id"]) turn.date = new_date turn.hour_block = new_hour turn.validate_and_save(update=True) flash("El turno se modificó correctamente", "success") return redirect(url_for('turns.show', id=turn.id)) except ValueError: flash("La hora debe tener formato de H:M:S", "error") flash("La fecha debe tener formado de DD/MM/YYYY", "error") send_date = old_turn.date.strftime("%d/%m/%Y") send_hour = old_turn.hour_block return render_template('turn/update.html', turn=turn, hours=hours, date=send_date, hour_block=send_hour, centers=centers, CSRF_TOKEN_STRING=CSRF_TOKEN) except AttributeError: error = ("El centro no existe, por favor vuelva a la vista de" + " turnos de un centro para seleccionar un nuevo turno") flash(error, "error") return render_template('turn/update.html', turn=turn, hours=hours, date=form["datepicker"], hour_block=send_hour, centers=centers, CSRF_TOKEN_STRING=CSRF_TOKEN) except AssertionError as e: flash_messages(str(e)) new_hour += ":00" send_hour = datetime.strptime(new_hour, "%H:%M:%S") return render_template('turn/update.html', turn=turn, hours=hours, date=form["datepicker"], hour_block=send_hour, centers=centers, CSRF_TOKEN_STRING=CSRF_TOKEN) elif request.method == 'GET': turn = Turno.query.filter_by(id=id).first() if not turn: abort(400) CSRF_TOKEN = generate_token() date = turn.date.strftime("%d/%m/%Y") hour_block = turn.hour_block return render_template('turn/update.html', turn=turn, hours=hours, date=date, hour_block=hour_block, centers=centers, CSRF_TOKEN_STRING=CSRF_TOKEN)
def update(username): """ Vista de actualizacion de un usuario, devuelve la vista en el metodo GET o valida en el metodo POST, si la validacion es correcta actualiza el usuario en la base, si no flashea mensajes de error de las validaciones que fallaron """ if (request.method == 'POST'): roles_query = Role.query.all() if (check_token(request.form["csrf_token"])): CSRF_TOKEN = request.form["csrf_token"] user = User.query.filter_by( username=request.form["usuario"]).first() if (not user) or (user.username != username): flash("Hubo un error, por favor intente nuevamente", "error") return redirect(url_for("users.index")) user.first_name = (sql_escape(request.form["nombre"])) user.last_name = (sql_escape(request.form["apellido"])) if request.form["email"] != user.email: user.email = request.form["email"] if validate_email(user): flash(validate_email(user)[:-1], "error") return render_template('user/update.html', user=user, CSRF_TOKEN_STRING=CSRF_TOKEN, roles=roles_query, new_form=False) if (not user.es_admin() or (user.es_admin() and not user.es_activo())): if ("activo" in request.form.keys() and request.form["activo"] == "on"): user.activo = True else: user.activo = False for role in roles_query: if (role.name == 'administrador_del_sistema'): if not (session.get('username') == user.username): update_role(request.form, role, user) else: update_role(request.form, role, user) new_password = False if request.form["password"]: if user.check_password(request.form["password"]): if request.form["newPassword"]: new_password = True user.password = request.form["newPassword"] else: flash("Debe ingresar un nuevo password", "error") return render_template('user/update.html', user=user, CSRF_TOKEN_STRING=CSRF_TOKEN, roles=roles_query, new_form=False) else: flash("El password ingresado no es correcto", "error") return render_template('user/update.html', user=user, CSRF_TOKEN_STRING=CSRF_TOKEN, roles=roles_query, new_form=False) try: user.validate_and_save(update=True, password_change=new_password) flash("Usuario modificado correctamente", "success") return redirect(url_for('users.index')) except AssertionError as e: flash_messages(str(e)) return render_template('user/update.html', user=user, CSRF_TOKEN_STRING=CSRF_TOKEN, roles=roles_query, new_form=False) else: return render_template("user/update.html", user=user) else: CSRF_TOKEN = generate_token() user = User.query.filter_by(username=username).first() if not user: abort(404) roles_query = Role.query.all() return render_template("user/update.html", user=user, CSRF_TOKEN_STRING=CSRF_TOKEN, roles=roles_query, new_form=True)
def new(): """ Vista de creacion de un centro de ayuda, devuelve la vista en el metodo GET o valida en el metodo POST, si la validacion es correcta guarda el centro en la base, si no flashea mensajes de error de las validaciones que fallaron """ if (request.method == 'POST'): if not (check_token(request.form["csrf_token"])): return render_template( 'centers/new.html', center_types=Type.query.order_by(Type.name).all(), ) form = request.form nuevo_centro = Center( name=form['nombre-centro'], address=form['direccion'], phone_number=form['phone'], opens_at=f"{form['opens_at_hour']}:{form['opens_at_min']}", close_at=f"{form['close_at_hour']}:{form['close_at_min']}", municipio=form["muni"], coordinates=f"{form['lat']},{form['lng']}") nuevo_centro.types.append( Type.query.filter_by(name=form["tipo"]).first()) if "email" in form: nuevo_centro.email = form["email"] if "web" in form: nuevo_centro.web = form["web"] if "publication_state" in form: nuevo_centro.publication_state = True # Solo pueden acceder usuarios con permisos estado = State.query.filter_by(name="Aprobado").first() estado.centers.append(nuevo_centro) msj = "Centro cargado correctamente." try: if request.files["protocolo"]: # Validate and save si tiene pdf nuevo_centro.validate_and_save(pdf=request.files["protocolo"]) save_pdf_file(request.files["protocolo"], nuevo_centro.protocolo) else: # Validate and save si no tiene pdf nuevo_centro.validate_and_save() flash(msj, "success") return redirect(url_for('centers.index')) except AssertionError as e: flash_messages(str(e)) return render_template( 'center/new.html', last_form=request.form, center_types=Type.query.order_by(Type.name).all(), ) return redirect('/center') else: # method=GET CSRF_TOKEN = generate_token() return render_template( '/center/new.html', center_types=Type.query.order_by(Type.name).all(), CSRF_TOKEN_STRING=CSRF_TOKEN, )
def update(center_id): """ Actualiza el Centro pasado por la url """ center = Center.query.filter_by(id=center_id).first() if not center: abort(404) if (request.method == 'POST'): if not (check_token(request.form["csrf_token"])): CSRF_TOKEN = generate_token() return render_template("center/update.html", center=center, center_types=Type.query.order_by( Type.name).all(), CSRF_TOKEN_STRING=CSRF_TOKEN) else: CSRF_TOKEN = request.form["csrf_token"] form = request.form center.name = form['nombre-centro'] center.address = form['direccion'] center.phone_number = form['phone'] center.municipio = form["muni"] center.coordinates = f"{form['lat']},{form['lng']}" if center.types[0].name != form['tipo']: center.types.remove(center.types[0]) center.types.append( Type.query.filter_by(name=form["tipo"]).first()) if "email" in form: center.email = form["email"] if "web" in form: center.web = form["web"] if "publication_state" in form: if center.state == 1: center.publication_state = True else: center.publication_state = False if center.state == 3: estado = State.query.filter_by(name="Rechazado").first() estado.centers.remove(center) estado = State.query.filter_by(name="Pendiente").first() estado.centers.append(center) if ((center.opens_at != (datetime.strptime( f"{form['opens_at_hour']}" f":{form['opens_at_min']}", '%H:%M').time()) or (center.close_at != (datetime.strptime( f"{form['close_at_hour']}" f":{form['close_at_min']}", '%H:%M').time())) )): # Si se intenta modificar algun horario: if center.tiene_turnos_futuros(): flash( "No se puede actualizar el horario del centro si le" " quedan turnos futuros", "error") return render_template('center/update.html', center=center, center_types=Type.query.order_by( Type.name).all(), CSRF_TOKEN_STRING=CSRF_TOKEN) center.opens_at = (f"{form['opens_at_hour']}:" f"{form['opens_at_min']}") center.close_at = (f"{form['close_at_hour']}:" f"{form['close_at_min']}") try: if request.files["protocolo"]: # Validate and save si tiene pdf if center.protocolo: delete_pdf_file(center.protocolo) center.validate_and_save(update=True, pdf=request.files["protocolo"]) save_pdf_file(request.files["protocolo"], center.protocolo) else: # Validate and save si no tiene pdf center.validate_and_save(update=True) flash("Centro actualizado correctamente.", "success") return redirect(url_for('centers.index')) except AssertionError as e: flash_messages(str(e)) return render_template('center/update.html', center=center, center_types=Type.query.order_by( Type.name).all(), CSRF_TOKEN_STRING=CSRF_TOKEN) else: # Method: GET CSRF_TOKEN = generate_token() return render_template("center/update.html", center_types=Type.query.order_by( Type.name).all(), CSRF_TOKEN_STRING=CSRF_TOKEN, center=center)