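def remove_maintenance_mode():
    """Switch maintenance mode off for all role-0 and role-1 accounts.

    Sets ``maintenance`` to ``False`` on every matching user so they can
    reach the site normally again.

    Returns:
        A redirect to the profile page.
    """
    # ``role=0 and 1`` is evaluated by Python before the query is built and
    # collapses to ``role=0``, so role-1 accounts were never updated.
    # ``role__in`` matches both roles.
    # NOTE(review): this is a bulk state change and no access-control
    # decorator is visible in this excerpt -- confirm the route is admin-only.
    User.objects(role__in=[0, 1]).update(maintenance=False)
    return redirect(url_for('profile.profile'))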
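def maintenance_mode():
    """Switch maintenance mode on for all role-0 and role-1 accounts.

    Sets ``maintenance`` to ``True`` on every matching user; per the original
    description those users then see the Maintenance Page on any page.

    Returns:
        A redirect to the profile page.
    """
    # ``role=0 and 1`` is evaluated by Python before the query is built and
    # collapses to ``role=0``, so role-1 accounts were never put into
    # maintenance. ``role__in`` matches both roles.
    # NOTE(review): this is a bulk state change and no access-control
    # decorator is visible in this excerpt -- confirm the route is admin-only.
    User.objects(role__in=[0, 1]).update(maintenance=True)
    return redirect(url_for('profile.profile'))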
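def remove_from_favorite(item_id):
    """Remove an item from the logged-in user's favorites list.

    Args:
        item_id: identifier of the item to drop from the list.

    Returns:
        A redirect to the profile page.
    """
    # The list is written with ``add_to_set__favorites`` and read as
    # ``.favorites`` elsewhere in this code, so the pull must target
    # ``favorites`` too; ``pull__favorite`` named a different field.
    # Filtering on the session's own user id means only the caller's
    # document can be modified.
    User.objects(id=session['user']['id']).update_one(pull__favorites=item_id)
    flash("Removed from favorite !:)")
    return redirect(url_for('profile.profile'))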
def display_users():
    """Render the user overview page.

    The template receives every item, every user, and the role-1 and role-0
    subsets of users (passed as ``seller_user`` and ``buyer_user``).
    """
    # NOTE(review): full User documents are handed to the template; confirm
    # it renders only the fields an administrator is meant to see.
    context = {
        'items': Item.objects(),
        'seller_user': User.objects(role=1),
        'buyer_user': User.objects(role=0),
        'users': User.objects(),
    }
    return render_template('profile/display-users.html', **context)
def init_db():
    """Seed the database with three users, three items and three categories.

    Returns:
        A confirmation string.
    """
    # NOTE(review): every seeded account, including the role=2 "Admin" one,
    # gets the password '1234', and the hash is computed once, so all three
    # records store the identical hash string. Keep this seeding path out of
    # deployed environments or rotate the passwords immediately afterwards,
    # and confirm the route is not reachable by unauthenticated visitors.
    common_password = pbkdf2_sha256.hash('1234')

    user_rows = (
        ('******', '*****@*****.**', 2, 'Admin', 'Admin'),
        ('******', '*****@*****.**', 0, 'hesham', 'marei'),
        ('******', '*****@*****.**', 1, 'hamza', 'radaideh'),
    )
    seeded_users = [
        User(
            username=username,
            password=common_password,
            birthday="2009-12-30 14:09:01",
            email=email,
            role=role,
            firstname=firstname,
            lastname=lastname,
        ).save()
        for username, email, role, firstname, lastname in user_rows
    ]

    item_rows = (
        ("First", "2009-12-30 14:09:01"),
        ("Sec", "2020-12-30 14:09:01"),
        ("Third", "2011-12-30 14:09:01"),
    )
    # One item per seeded user, in the same order the users were created.
    for owner, (title, date) in zip(seeded_users, item_rows):
        Item(
            user=owner,
            title=title,
            description='First',
            date=date,
            price="0",
            category='clothes',
        ).save()

    for value, label in (('1', 'Clothes'), ('2', 'Vehicles'), ('3', 'Digital Devices')):
        Category(value=value, label=label).save()

    return "Database initialized :)!"
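def login():
    """Validate submitted login credentials and start a session.

    Returns:
        A redirect to the home page after a form submission (with an error
        message flashed when the credentials are rejected), or the rendered
        login form when no valid submission was made.
    """
    login_form = LoginForm()

    if login_form.validate_on_submit():
        username = login_form.username.data
        password = login_form.password.data
        user = User.objects(username=username).first()

        if user and user.authenticate(username, password):
            # NOTE(review): confirm user.serialize() leaves out the password
            # hash; with Flask's default cookie-backed session the payload is
            # signed but readable by the client.
            session['user'] = user.serialize()
            return redirect(url_for('home.home'))

        # The same message covers "unknown username" and "wrong password",
        # so the response does not reveal which usernames exist.
        # NOTE(review): no attempt limiting is visible in this function.
        flash("Login invalid. Please check your username and password.")
        return redirect(url_for('home.home'))

    # The original had a ``return redirect("/profile")`` after the if/else
    # above; both branches already return, so it could never run and has
    # been dropped.
    return render_template('login/login.html', form=login_form)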
def edit_profile_user():
    """Show and process the form that edits the logged-in user's name.

    On GET the form is prefilled from the session copy of the user. On a
    valid submission the first and last name are saved and the session copy
    is refreshed.
    """
    account = User.objects(id=session["user"]['id']).first()
    form = EditProfile()

    if request.method == "GET":
        cached = session['user']
        form.new_first_name.data = cached['firstname']
        form.new_last_name.data = cached['lastname']

    if not form.validate_on_submit():
        return render_template("user/edit-profile.html", form=form)

    # Only these two fields are copied from the form; nothing else on the
    # account (role, flags, password) is writable through this view.
    account.firstname = form.new_first_name.data
    account.lastname = form.new_last_name.data
    account.save()
    session['user'] = account.serialize()
    return redirect(url_for('home.home'))
def home():
    """Render the home page with every user and every item."""
    # NOTE(review): the original docstring spoke of unsold items, but no
    # filter is applied here -- all Item documents are passed through.
    # NOTE(review): complete User documents reach the template; confirm it
    # only renders fields that are safe to show to any visitor.
    context = {'user': User.objects(), 'items': Item.objects()}
    return render_template('item/home.html', **context)
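def disable_user_list(user_id):
    """Set the ``disable`` flag on a user and return to the user list.

    Per the original description a disabled user cannot access the site;
    that enforcement is done elsewhere (a decorator not shown here).

    Args:
        user_id: id of the account to disable.

    Returns:
        A redirect to the user list.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt --
    # confirm only administrators can reach this route.
    user = User.objects(id=user_id).first()
    # ``first()`` yields None for an unknown id; without this guard the
    # attribute assignment raised AttributeError and the request failed.
    if user is not None:
        user.disable = True
        user.save()
    return redirect(url_for('profile.display_users'))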
def review_upgrade_requests():
    """Render the upgrade requests of all users for review.

    The template receives a list with one ``UpgradeRequest`` queryset per
    user, in the order the users are returned.
    """
    # NOTE(review): per the original description this page is for the Admin
    # user; the check enforcing that is not visible in this excerpt.
    upgrade_requests = [
        UpgradeRequest.objects(user=account).all() for account in User.objects()
    ]
    return render_template(
        "notification/view-upgrades-requests.html",
        upgrade_requests=upgrade_requests,
    )
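def review_buy_request():
    """Render the buy requests placed on the logged-in user's items.

    The template receives a list with one ``BuyRequest`` queryset per item
    owned by the user stored in the session.
    """
    current_user = User.objects(id=session['user']['id']).first()
    # The leftover debug ``print`` of the item queryset was removed; it wrote
    # item data to stdout on every request.
    my_buy_requests = [
        BuyRequest.objects(item=item) for item in Item.objects(user=current_user)
    ]
    return render_template(
        "notification/view-my-buy-request.html",
        my_buy_requests=my_buy_requests,
    )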
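def view_favorite():
    """Render the logged-in user's favorited items.

    Items are looked up one by one so the page keeps the order in which the
    ids are stored on the user.
    """
    favorite_ids = User.objects(id=session['user']['id']).get().favorites

    items = []
    for favorite_id in favorite_ids:
        item = Item.objects(id=favorite_id).first()
        # A favorited item can be deleted later without being removed from
        # this list; skip such stale ids instead of passing None to the
        # template.
        if item is not None:
            items.append(item)

    # The leftover debug ``print(items)`` was removed.
    return render_template("profile/user-favorite.html", items=items)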
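def unlock_disable_user_user_list(user_id):
    """Clear the ``disable`` flag on a user and return to the user list.

    Args:
        user_id: id of the account to unlock.

    Returns:
        A redirect to the user list; a confirmation is flashed when the
        account exists.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt --
    # confirm only administrators can reach this route.
    user = User.objects(id=user_id).first()
    # ``first()`` yields None for an unknown id; without this guard the
    # attribute assignment raised AttributeError and the request failed.
    if user is not None:
        user.disable = False
        user.save()
        flash(f"Account '{user.username}' has been unlocked.!")
    return redirect(url_for('profile.display_users'))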
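def edit_item(item_id):
    """Show and process the form a seller uses to edit one of their items.

    A user who submits the form for an item they do not own gets an error
    message and the item is left unchanged.

    Args:
        item_id: id of the item to edit.

    Returns:
        The rendered form, or a redirect to the home page after a submission
        or when the item does not exist.
    """
    edit_item_form = EditItemForm()
    edit_item_form.category.choices = [
        (category.value, category.label) for category in Category.objects()
    ]

    item = Item.objects(id=item_id).first()
    if item is None:
        # Unknown id: there is nothing to prefill or edit. Previously this
        # path failed with AttributeError on ``item.title``.
        flash("Item not found.")
        return redirect(url_for('home.home'))

    if request.method == "GET":
        # NOTE(review): the form is prefilled for any caller; ownership is
        # only checked when the form is submitted.
        edit_item_form.title.data = item.title
        edit_item_form.description.data = item.description
        edit_item_form.price.data = item.price
        edit_item_form.category.data = item.category

    if edit_item_form.validate_on_submit():
        user = User.objects(id=session['user']['id']).first()
        # Require a resolved user: if the session's user no longer exists and
        # the item has no owner, ``None == None`` would otherwise pass the
        # ownership check.
        if user is not None and user == item.user:
            item.title = edit_item_form.title.data
            item.description = edit_item_form.description.data
            item.price = edit_item_form.price.data
            item.category = edit_item_form.category.data
            item.save()
            flash("Your item has been edited successfully.")
        else:
            flash("Action Not Allowed: Editing an item you don't own.")
        return redirect(url_for('home.home'))

    return render_template("item/edit-item.html", form=edit_item_form)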
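def delete_item(item_id):
    """Delete an item if it belongs to the logged-in user.

    Any other case (item missing, item owned by someone else, session user
    no longer present) flashes the "not allowed" message and deletes nothing.

    Args:
        item_id: id of the item to delete.

    Returns:
        A redirect to the home page.
    """
    # NOTE(review): the route decorator is not visible in this excerpt --
    # confirm this state-changing action is not reachable with a plain GET
    # and is covered by CSRF protection.
    item = Item.objects(id=item_id).first()
    user = User.objects(id=session['user']['id']).first()

    # ``item`` may be None for an unknown id (previously an AttributeError on
    # ``item.user``). ``user`` must be resolved as well, otherwise
    # ``None == None`` would pass the ownership check for an ownerless item.
    if item is not None and user is not None and user == item.user:
        # Ownership is established above, so the already-loaded document is
        # deleted directly instead of being queried a second time.
        item.delete()
        flash('Item has been deleted')
    else:
        flash("Action Not Allowed: Deleting an item you don't own.")
    return redirect(url_for("home.home"))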
def change_password():
    """Show and process the change-password form for the logged-in user.

    Kept separate from profile editing so that the current password can be
    asked for alongside the new one.
    """
    account = User.objects(id=session['user']['id']).first()
    form = ChangePasswordForm()

    if form.validate_on_submit():
        old_secret = form.current_password.data
        new_secret = form.new_password.data
        if account:
            # NOTE(review): the result of change_password() is not inspected
            # and success is flashed unconditionally. Its implementation is
            # not visible here -- confirm it raises (or otherwise blocks the
            # save) when the current password does not match.
            account.change_password(old_secret, new_secret)
            account.save()
            flash("Your password has been successfully changed.")
            return redirect(url_for('user.change_password'))

    return render_template("user/change-password.html", form=form)
def profile():
    """Render the profile page for the user stored in the session."""
    # The id comes from the session, not from the request, so a caller can
    # only load their own profile through this view.
    current_id = session["user"]['id']
    account = User.objects(id=current_id).first()
    return render_template('profile/profile.html', user=account)
def signup():
    """Create an account from the sign-up form.

    Returns:
        A redirect to the login page after the account is saved, otherwise
        the rendered sign-up form.
    """
    signup_form = SignUpForm()
    if not signup_form.validate_on_submit():
        return render_template("sign-up/sign-up.html", form=signup_form)

    # Fields are copied one by one; the role is never read from the request,
    # so a new account gets whatever default the model defines.
    new_user = User()
    new_user.username = signup_form.username.data
    new_user.firstname = signup_form.firstname.data
    new_user.lastname = signup_form.lastname.data
    # NOTE(review): despite its name, encrypt_password() should produce a
    # salted one-way hash; its implementation is not visible here -- confirm.
    new_user.password = new_user.encrypt_password(signup_form.password.data)
    new_user.email = signup_form.email.data
    new_user.birthday = signup_form.birthday.data
    # NOTE(review): no duplicate-username check is done here; presumably the
    # form or the model enforces uniqueness -- verify.
    new_user.save()
    return redirect(url_for("login.login"))
def add_favorite(item_id):
    """Add an item id to the logged-in user's favorites.

    Args:
        item_id: id of the item to remember.

    Returns:
        A redirect to the home page.
    """
    # ``add_to_set`` keeps the list free of duplicates, and the filter on the
    # session's user id means only the caller's own document is touched.
    # NOTE(review): item_id is stored as given; nothing here checks that it
    # names an existing Item.
    own_account = User.objects(id=session['user']['id'])
    own_account.update_one(add_to_set__favorites=item_id)
    flash("Added as favorite.")
    return redirect(url_for('home.home'))
def disabled_list():
    """Render the list of accounts whose ``disable`` flag is set."""
    # NOTE(review): per the original description this page is for the Admin
    # user; the check enforcing that is not visible in this excerpt.
    locked_accounts = User.objects(disable=True)
    return render_template(
        'profile/blocked-list.html',
        users=locked_accounts,
        title="Blocked-List",
        icon='fas fa-users',
    )
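def remove_user(user_id):
    """Delete the given user from the database.

    Args:
        user_id: id of the account to delete.

    Returns:
        A redirect to the user list.
    """
    # NOTE(review): this is destructive and no access-control decorator is
    # visible in this excerpt -- confirm only administrators can reach it.
    # Items and requests that reference the user are not cleaned up here;
    # whether they are removed depends on the models' delete rules.
    user = User.objects(id=user_id).first()
    # ``first()`` yields None for an unknown id; calling ``delete()`` on it
    # raised AttributeError and the request failed.
    if user is not None:
        user.delete()
    return redirect(url_for('profile.display_users'))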