def oauth_callback(provider):
    """Complete an OAuth sign-in and log the matching local user in.

    A visitor who is already signed in is sent straight back to the index.
    Otherwise the provider callback supplies a (username, email) pair; the
    email is the lookup key for the local ``User`` row, and a row is created
    on first sign-in.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('index'))

    username, email = OAuthSignIn.get_provider(provider).callback()

    # The email is the account identifier, so a missing one is a failure.
    if email is None:
        flash('Authentication failed.')
        return redirect(url_for('index'))

    # NOTE(review): accounts are matched purely on the email the provider
    # returns. Confirm every supported provider only hands back verified
    # addresses, otherwise one provider account could attach to another
    # person's local account.
    user = User.query.filter_by(email=email).first()
    if not user:
        # Prefer the provider-supplied name; fall back to the local part of
        # the email. Nothing here enforces nickname uniqueness.
        nickname = (
            email.split('@')[0]
            if username is None or username == ""
            else username
        )
        user = User(nickname=nickname, email=email)
        db.session.add(user)
        db.session.commit()

    # remember=True keeps the login across browser restarts until logout.
    login_user(user, remember=True)
    return redirect(url_for('index'))
def login():
    """Render the login form and, on POST, check username and password.

    On success for an active account the session gets ``logged_in`` and
    ``user_id`` and the browser is redirected to the index. A disabled
    account re-renders the form with a specific message; any other failure
    re-renders it with a generic one.
    """
    message = ''
    if request.method == 'POST':
        candidate = dbsession.query(User).filter_by(
            username=request.form['username']).limit(1).first()

        # NOTE(review): the hash is only computed when the username exists and
        # is compared with ``==``; both give a timing difference between known
        # and unknown usernames. Strength/salting of hashPassword is not
        # visible here - confirm it is a password-hashing KDF.
        credentials_ok = (candidate is not None) and (
            candidate.password == hashPassword(request.form['password']))

        if credentials_ok:
            if not candidate.active:
                # NOTE(review): this message is only reachable with a correct
                # password, so it confirms the credentials of a disabled
                # account. The keyword here is ``error`` while the other
                # render below uses ``errors`` - check which one the template
                # reads.
                return render_template('session-login.html',
                                       error='User account is disabled')
            # NOTE(review): the existing session is reused as-is; consider
            # clearing it before marking it authenticated.
            session['logged_in'] = True
            session['user_id'] = candidate.id
            flash('Logged in')
            return redirect(app.jinja_env.globals['url_for']('index'))

        message = 'User might not exist or password is incorrect'

    return render_template('session-login.html', errors=message)
def profileAdd():
    """Show the "add configuration profile" form and store a submitted one.

    Requires the ``logged_in`` session key; otherwise redirects to login.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    available_iocs = dbsession.query(XMLIOC).order_by(XMLIOC.name.asc())
    if request.method == 'GET':
        return render_template('config-profile-add.html', xmliocs=available_iocs)

    # NOTE(review): ``success`` is never set to False and ``errors`` is never
    # filled, so the submitted name and IOC list are stored without any
    # validation and the error branch below cannot run.
    success = True
    errors = []

    is_confidential = 'host_confidential' in request.form
    profile = ConfigurationProfile(
        name=request.form['name'],
        host_confidential=is_confidential,
        ioc_list=','.join(request.form.getlist('ioc_list')))
    dbsession.add(profile)
    dbsession.commit()

    if not success:
        flash('\n'.join(errors))
        return render_template('config-profile-add.html',
                               xmliocs=available_iocs,
                               name=request.form['name'],
                               host_confidential=request.form['host_confidential'])
    return redirect(url_for('config'))
def add(self, request):
    """Replace all SC_parameter_configure rows with the rows in the form.

    Existing rows are deleted, then one row per ``level_base`` entry is
    added. Everything runs in one transaction: any failure rolls back the
    delete as well and flashes an error.
    """
    try:
        SC_parameter_configure.query.delete()
        db.session.flush()

        form = request.form
        bases = form.getlist('level_base')
        a1_values = form.getlist('level_A1')
        a2_values = form.getlist('level_A2')
        a3_values = form.getlist('level_A3')
        r_values = form.getlist('level_R')
        # Values shared by every row.
        shared = (
            form['back_payment'],
            form['performance_a'],
            form['performance_b'],
            form['performance_c'],
            form['level_a'],
            form['level_b'],
        )

        # Index-based access on purpose: a shorter sibling list raises and
        # aborts the whole save instead of silently truncating.
        for idx, base in enumerate(bases):
            SC_parameter_configure(idx + 1, base, a1_values[idx],
                                   a2_values[idx], a3_values[idx],
                                   r_values[idx], *shared).add()

        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash('保存成功', 'success')
    except:
        # NOTE(review): the bare except also catches a missing form field and
        # non-Exception signals; the user only ever sees the generic failure.
        # Roll back.
        db.session.rollback()
        logger.exception('exception')
        # Flash a failure message.
        flash('保存失败', 'error')
def scanbatchAdd():
    """Show the "add scan batch" form and store a submitted batch.

    Requires the ``logged_in`` session key; otherwise redirects to login.
    """
    if 'logged_in' not in session:
        # Not logged in
        return redirect(url_for('login'))

    profiles = dbsession.query(ConfigurationProfile).order_by(
        ConfigurationProfile.name.asc())
    credentials = dbsession.query(WindowsCredential).order_by(
        WindowsCredential.domain.asc(), WindowsCredential.login.asc())

    if request.method == 'GET':
        return render_template('scan-planification-batch-add.html',
                               configuration_profiles=profiles,
                               windows_credentials=credentials)

    # NOTE(review): nothing ever clears ``success``; the name, profile id and
    # credential id are stored exactly as posted, without checking that the
    # referenced profile/credential exist.
    success = True
    errors = []

    new_batch = Batch(name=request.form['name'],
                      configuration_profile_id=request.form['profile'],
                      windows_credential_id=request.form['credential'])
    dbsession.add(new_batch)
    dbsession.commit()

    if not success:
        flash('\n'.join(errors))
        return render_template('scan-planification-batch-add.html',
                               configuration_profiles=profiles,
                               windows_credentials=credentials)
    return redirect(url_for('scan'))
def request_detail_view(self, id):
    """E-mail a not-yet-approved user asking for more details.

    If no unapproved user has this id, a notice is flashed instead. Either
    way the browser ends up on the index view.
    """
    # ``== False`` is a SQLAlchemy column comparison, not a Python truth test.
    pending = User.query.filter(User.approved == False,
                                User.id == id).first()
    if not pending:
        flash(u"Kullanıcı zaten onaylı!")
        return redirect(url_for('.index_view'))

    # NOTE(review): the sender address appears masked in this listing.
    message = MailMessage(
        body=render_template('email/request_detail.txt', user=pending),
        html=render_template('email/request_detail.html', user=pending),
        subject=u"Ufak bir rica!",
        sender=(u"Eşya Kütüphanesi", "*****@*****.**"),
        recipients=[pending.email])
    mail.send(message)

    flash(
        u"Kullanıcıya e-posta gönderilerek daha fazla bilgi vermesi talep edildi!"
    )
    return redirect(url_for('.index_view'))
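def topics(operation=None, topic_id=-1):
    """List topics and handle create, delete and rename.

    * A valid POST of ``NewTopicForm`` creates a topic.
    * ``operation == 'delete'`` removes ``topic_id`` and redirects to the list.
    * ``operation == 'update'`` renames ``topic_id`` to the ``value`` request
      parameter and answers with a plain-text status (200 or 400).
    * Anything else renders the topic list.

    NOTE(review): delete and update are selected by ``operation`` alone, not
    by the HTTP method, and no permission check is visible in this function.
    Confirm the route restricts these to authenticated POST requests so that
    the form's CSRF protection actually covers them.
    """
    form = NewTopicForm(request.form)
    if request.method == 'POST' and form.validate_on_submit():
        topic = Topic(name=form.topic.data)
        db.session.add(topic)
        db.session.commit()
        flash('New topic is created')
        return redirect(url_for('topics'))

    if operation == 'delete':
        try:
            topic = Topic().query.get(topic_id)
            # An unknown id yields None; delete() then raises and is reported.
            db.session.delete(topic)
            db.session.commit()
        except Exception:
            # Leave the session usable for the next request.
            db.session.rollback()
            flash("Failed to delete topic {}.".format(topic_id))
        return redirect(url_for('topics'))

    if operation == 'update':
        try:
            topic = Topic().query.get(topic_id)
            topic.name = request.values.get("value")
            db.session.add(topic)
            db.session.commit()
        except Exception:
            db.session.rollback()
            return 'Error renaming topic.', 400
        else:
            return 'Topic updated successfully.', 200

    topics = Topic().query.all()
    return render_template('topics.html', title='Topics', form=form,
                           topics=topics)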
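def login():
    """Authenticate by email and password, then continue to ``next``.

    On success the user is logged in (honouring the "remember me" checkbox)
    and redirected to the ``next`` query parameter when it is a local path,
    else to the blog index. On failure the form is shown again with a
    generic message.
    """
    form = LogInForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user is not None and user.verify_password(form.password.data):
            # Pass the checkbox value; the field object itself is always
            # truthy and would make every login persistent.
            login_user(user, form.remember_me.data)

            # ``next`` is attacker-controllable: only follow paths on this
            # site, never absolute or scheme-relative URLs.
            next_url = request.args.get('next')
            if (not next_url
                    or not next_url.startswith('/')
                    or next_url.startswith('//')
                    or next_url.startswith('/\\')):
                next_url = url_for('blog.index')
            return redirect(next_url)
        flash('Invalid username or password')
    return render_template('auth/login.html', form=form)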
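def login():
    """Authenticate by email and password, then continue to ``next``.

    On success the user is logged in (honouring the "remember me" checkbox)
    and redirected to the ``next`` query parameter when it is a local path,
    else to the blog index. On failure the form is shown again with a
    generic message.
    """
    form = LogInForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user is not None and user.verify_password(form.password.data):
            # Pass the checkbox value; the field object itself is always
            # truthy and would make every login persistent.
            login_user(user, form.remember_me.data)

            # ``next`` is attacker-controllable: only follow paths on this
            # site, never absolute or scheme-relative URLs.
            next_url = request.args.get('next')
            if (not next_url
                    or not next_url.startswith('/')
                    or next_url.startswith('//')
                    or next_url.startswith('/\\')):
                next_url = url_for('blog.index')
            return redirect(next_url)
        flash('Invalid username or password')
    return render_template('auth/login.html', form=form)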
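def take_admin():
    """Clear the admin flag of the user named by the ``login`` query parameter.

    Flashes the outcome and returns to the admin panel.

    NOTE(review): the target account comes from the query string and no
    authorization check is visible in this function - confirm the route is
    admin-only and not a state-changing GET without CSRF protection.
    """
    _login = request.args.get('login')
    tmp = db.find_one("USERS", "login", _login)
    if tmp:
        # NOTE(review): the login value shows as "******" in this listing,
        # which looks like masking rather than the real statement. If the
        # original splices ``_login`` into the Cypher text, pass it as a
        # query parameter instead.
        query = 'MATCH (node:USERS) where node.login="******" set node.is_admin=0'
        db.cypher.execute(query)
        # The messages were swapped/copied from the removal handler.
        flash("Admin rights revoked")
    else:
        flash("User not found")
    return redirect(url_for('userController.admin_panel'))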
def give_admin():
    """Set the admin flag of the user named by the ``login`` query parameter.

    NOTE(review): this grants privileges based on a query-string value and
    no authorization check is visible in this function - confirm the route
    is admin-only and protected against cross-site requests.
    """
    target_login = request.args.get('login')
    account = db.find_one("USERS", "login", target_login)

    if not account:
        flash("User not found")
    else:
        # NOTE(review): the login value shows as "******" in this listing,
        # which looks like masking. If the original concatenates the request
        # value into the Cypher text, use a query parameter instead.
        statement = 'MATCH (node:USERS) where node.login="******" set node.is_admin=1'
        db.cypher.execute(statement)
        flash("Admin rights granted")

    return redirect(url_for('userController.admin_panel'))
def login():
    """Log a user in through ``LoginForm`` and show the main screen.

    Already-authenticated users skip the form. The user object is taken from
    ``form.user``, which is assumed to be set by the form's own validation -
    TODO confirm.
    """
    if not current_user.is_authenticated():
        form = LoginForm()
        if not form.validate_on_submit():
            # First visit or failed validation: show the form (again).
            return render_template('client/index.html', form=form)
        login_user(form.user)
        flash("Logged in successfully.")

    return render_template('main_screen/index.html', list='general')
def remove_user():
    """Delete the user node named by the ``login`` query parameter.

    NOTE(review): a destructive action driven by a query-string value with
    no authorization check visible in this function - confirm the route is
    admin-only and protected against cross-site requests.
    """
    target_login = request.args.get('login')
    account = db.find_one("USERS", "login", target_login)

    if not account:
        flash("User not found")
    else:
        # NOTE(review): the login value shows as "******" in this listing,
        # which looks like masking. If the original concatenates the request
        # value into the Cypher text, use a query parameter instead.
        statement = 'MATCH (node:USERS) where node.login="******" delete node'
        db.cypher.execute(statement)
        flash("User removed successfully")

    return redirect(url_for('userController.admin_panel'))
def register():
    """Create an account from ``RegistrationForm`` and send the user to login.

    The form is re-rendered until it validates.
    """
    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template('auth/register.html', form=form)

    # NOTE(review): the plain password is handed to the model; presumably
    # ``User.password`` is a write-only property that stores a hash - verify.
    account = User(email=form.email.data,
                   username=form.username.data,
                   password=form.password.data)
    db.session.add(account)
    db.session.commit()

    # Message text means "registration complete".
    flash('注册完成')
    return redirect(url_for('auth.login'))
def unlock_account():
    """Mark the user named by the ``login`` query parameter active and unblocked.

    NOTE(review): lifting a block is driven by a query-string value with no
    authorization check visible in this function - confirm the route is
    admin-only and protected against cross-site requests.
    """
    target_login = request.args.get('login')
    account = db.find_one("USERS", "login", target_login)

    if not account:
        flash("User not found")
    else:
        # NOTE(review): the login value shows as "******" in this listing,
        # which looks like masking. If the original concatenates the request
        # value into the Cypher text, use a query parameter instead.
        statement = 'MATCH (node:USERS) where node.login="******" set node.active=' + str(
            1) + ', node.blocked=' + str(0)
        db.cypher.execute(statement)
        flash("User unblocked successfully")

    return redirect(url_for('userController.admin_panel'))
def register():
    """Create an account from ``RegistrationForm`` and send the user to login.

    The form is re-rendered until it validates.
    """
    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template('auth/register.html', form=form)

    # NOTE(review): the plain password is handed to the model; presumably
    # ``User.password`` is a write-only property that stores a hash - verify.
    account = User(email=form.email.data,
                   username=form.username.data,
                   password=form.password.data)
    db.session.add(account)
    db.session.commit()

    # Message text means "registration complete".
    flash('注册完成')
    return redirect(url_for('auth.login'))
def userDelete(userid):
    """Delete the user with id ``userid`` and return to the user list.

    NOTE(review): the only gate is the presence of ``logged_in`` in the
    session; no role check is visible, so any logged-in session can delete
    any account. Confirm the route is POST-only and CSRF-protected.
    """
    resolve = app.jinja_env.globals['url_for']
    if 'logged_in' not in session:
        return redirect(resolve('login'))

    target = dbsession.query(User).filter_by(id=userid).first()
    if target is None:
        flash('This user does not exist')
    else:
        dbsession.delete(target)
        dbsession.commit()
    return redirect(resolve('users'))
def register():
    """Register a new user from the posted form and log them in.

    Rejects a username that already exists or a password that does not
    match its confirmation; both cases re-render the form with a message.
    """
    if request.method != 'POST':
        return render_template('register.html')

    posted = request.form
    # ``unicode`` is the Python 2 text type.
    taken = User.query.filter(
        User.username == unicode(posted['username'])).first()
    if taken:
        flash("user already exists")
        return render_template('register.html')

    if posted['password'] != posted['confirm_password']:
        flash("passwords do not match")
        return render_template('register.html')

    # NOTE(review): the password is passed to the model exactly as typed and
    # no hashing is visible here - verify the model hashes it before saving.
    # No minimum length or content check is applied either.
    account = User(username=posted['username'],
                   password=posted['password'],
                   decks=[])
    account.save()
    login_user(DbUser(account))
    return redirect('/')
def userDelete(userid):
    """Delete the user with id ``userid`` and return to the user list.

    NOTE(review): the only gate is the presence of ``logged_in`` in the
    session; no role check is visible, so any logged-in session can delete
    any account. Confirm the route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    target = dbsession.query(User).filter_by(id=userid).first()
    if target is None:
        flash('This user does not exist')
    else:
        dbsession.delete(target)
        dbsession.commit()
    return redirect(url_for('users'))
def userSwitchActive(userid):
    """Flip the ``active`` flag of user ``userid`` and return to the user list.

    NOTE(review): the only gate is the presence of ``logged_in`` in the
    session; no role check is visible, so any logged-in session can disable
    or re-enable any account. Confirm the route is POST-only and
    CSRF-protected.
    """
    resolve = app.jinja_env.globals['url_for']
    if 'logged_in' not in session:
        return redirect(resolve('login'))

    target = dbsession.query(User).filter_by(id=userid).first()
    if target is None:
        flash('This user does not exist')
    else:
        target.active = not target.active
        dbsession.commit()
    return redirect(resolve('users'))
def wincredDelete(wincredid):
    """Delete the stored Windows credential ``wincredid``; return to config.

    NOTE(review): any session carrying ``logged_in`` may delete any
    credential; no ownership or role check is visible here. Confirm the
    route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    credential = dbsession.query(WindowsCredential).filter_by(
        id=wincredid).first()
    if credential is None:
        flash('This credential does not exist')
    else:
        dbsession.delete(credential)
        dbsession.commit()
    return redirect(url_for('config'))
def xmliocDelete(xmliocid):
    """Delete the stored IOC ``xmliocid`` and return to the config page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    ioc = dbsession.query(XMLIOC).filter_by(id=xmliocid).first()
    if ioc is None:
        flash('This IOC does not exist')
    else:
        dbsession.delete(ioc)
        dbsession.commit()
    return redirect(url_for('config'))
def profileDelete(profileid):
    """Delete configuration profile ``profileid``; return to the config page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    profile = dbsession.query(ConfigurationProfile).filter_by(
        id=profileid).first()
    if profile is None:
        flash('This profile does not exist')
    else:
        dbsession.delete(profile)
        dbsession.commit()
    return redirect(url_for('config'))
def scanbatchDelete(batchid):
    """Delete scan batch ``batchid`` and return to the scan page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    batch = dbsession.query(Batch).filter_by(id=batchid).first()
    if batch is None:
        flash('This ScanBatch does not exist')
    else:
        dbsession.delete(batch)
        dbsession.commit()
    return redirect(url_for('scan'))
def scantaskDelete(taskid):
    """Delete scan task ``taskid`` and return to the progress page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))

    task = dbsession.query(Task).filter_by(id=taskid).first()
    if task is None:
        flash('This Task does not exist')
    else:
        dbsession.delete(task)
        dbsession.commit()
    return redirect(url_for('progress'))
def wincredDelete(wincredid):
    """Delete the stored Windows credential ``wincredid``; return to config.

    NOTE(review): any session carrying ``logged_in`` may delete any
    credential; no ownership or role check is visible here. Confirm the
    route is POST-only and CSRF-protected.
    """
    resolve = app.jinja_env.globals['url_for']
    if 'logged_in' not in session:
        return redirect(resolve('login'))

    credential = dbsession.query(WindowsCredential).filter_by(
        id=wincredid).first()
    if credential is None:
        flash('This credential does not exist')
    else:
        dbsession.delete(credential)
        dbsession.commit()
    return redirect(resolve('config'))
def xmliocDelete(xmliocid):
    """Delete the stored IOC ``xmliocid`` and return to the config page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    resolve = app.jinja_env.globals['url_for']
    if 'logged_in' not in session:
        return redirect(resolve('login'))

    ioc = dbsession.query(XMLIOC).filter_by(id=xmliocid).first()
    if ioc is None:
        flash('This IOC does not exist')
    else:
        dbsession.delete(ioc)
        dbsession.commit()
    return redirect(resolve('config'))
def profileDelete(profileid):
    """Delete configuration profile ``profileid``; return to the config page.

    NOTE(review): gated only on ``logged_in`` being present in the session;
    confirm the route is POST-only and CSRF-protected.
    """
    resolve = app.jinja_env.globals['url_for']
    if 'logged_in' not in session:
        return redirect(resolve('login'))

    profile = dbsession.query(ConfigurationProfile).filter_by(
        id=profileid).first()
    if profile is None:
        flash('This profile does not exist')
    else:
        dbsession.delete(profile)
        dbsession.commit()
    return redirect(resolve('config'))
def addError(self, request):
    """Store one business-error record built from the posted form.

    The four form fields are read before the transaction starts, so a
    missing field is raised to the caller rather than reported as a failed
    save.
    """
    field_names = ("manager_id", "manager_name", "create_time", "error_reason")
    values = [request.form[key] for key in field_names]

    try:
        SC_business_error_list(*values).add()
        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash("保存成功", "success")
    except:
        # NOTE(review): bare except; every failure becomes the same generic
        # message, with details only in the log.
        # Roll back.
        db.session.rollback()
        logger.exception("exception")
        # Flash a failure message.
        flash("保存失败", "error")
def login_callback():
    """Render the admin login page and handle a posted login.

    On valid credentials the user is logged in and redirected to ``next``
    when ``next_is_valid`` accepts it, else to ``/admin/``. A failed POST
    flashes an error and shows the form again.
    """
    tournament_name = config_tournament_name(CODENAME)
    round_n = config_round_n()

    posted = request.form if request.method == 'POST' else None
    if posted:
        record = session_db().find_one({'name': posted['username']})
        if record and User.validate_login(record['password'],
                                          posted['password']):
            flask_login.login_user(User(record['name']))
            flask_login.flash("Logged in successfully", category='success')

            # ``next`` comes from the query string; it is only followed when
            # the project's validator accepts it.
            # NOTE(review): next_is_valid is defined elsewhere - confirm it
            # rejects absolute and scheme-relative URLs.
            target = request.args.get('next')
            if not next_is_valid(target):
                target = '/admin/'
            return redirect(target or '/admin/')

        flask_login.flash("Wrong username or password", category='error')

    return render_template('login.html',
                           PROJECT_NAME=CODENAME,
                           tournament_name=tournament_name,
                           round_n=round_n)
def addError(self, request):
    """Store one business-error record built from the posted form.

    The four form fields are read before the transaction starts, so a
    missing field is raised to the caller rather than reported as a failed
    save.
    """
    field_names = ('manager_id', 'manager_name', 'create_time', 'error_reason')
    values = [request.form[key] for key in field_names]

    try:
        SC_business_error_list(*values).add()
        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash('保存成功', 'success')
    except:
        # NOTE(review): bare except; every failure becomes the same generic
        # message, with details only in the log.
        # Roll back.
        db.session.rollback()
        logger.exception('exception')
        # Flash a failure message.
        flash('保存失败', 'error')
def validate(self):
    """Validate the login form and resolve the matching user.

    Runs the base form validation, then looks the username up
    case-insensitively and checks the password. On success the user is
    stored on ``self.user`` and True is returned.

    NOTE(review): "Unknown username" and "Invalid password" are distinct
    responses, which lets a caller tell which usernames exist. A single
    generic message for both cases avoids that.
    """
    if not Form.validate(self):
        return False

    wanted = func.lower(self.username.data)
    account = get_db().query(Users).filter(
        func.lower(Users.username) == wanted).first()

    if account is None:
        flash('Unknown username')
        self.username.errors.append('Unknown username')
        return False

    if account.check_password(self.password.data):
        self.user = account
        return True

    self.password.errors.append('Invalid password')
    return False
def profileAdd():
    """Show the "add configuration profile" form and store a valid submission.

    A submission needs a non-empty, unused name and at least one selected
    IOC. Validation errors are flashed and passed back to the template.
    Requires the ``logged_in`` session key.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))

    available_iocs = dbsession.query(XMLIOC).order_by(XMLIOC.name.asc())
    if request.method == 'GET':
        return render_template('config-profile-add.html',
                               xmliocs=available_iocs)

    problems = []
    is_confidential = 'host_confidential' in request.form
    profile_name = request.form['name']
    selected_iocs = ','.join(request.form.getlist('ioc_list'))
    profile = ConfigurationProfile(name=profile_name,
                                   host_confidential=is_confidential,
                                   ioc_list=selected_iocs)

    if not profile_name:
        problems.append("Profile name cannot be empty.")
    elif dbsession.query(ConfigurationProfile).filter_by(
            name=profile_name).first() is not None:
        problems.append("Profile name already exists.")

    # NOTE(review): the selected IOC ids are stored as posted; they are not
    # checked against the IOCs that actually exist.
    if not selected_iocs:
        problems.append("You must select at least one IOC.")

    if problems:
        report = '\n'.join(problems)
        flash(report)
        return render_template('config-profile-add.html',
                               errors=report,
                               host_confidential=is_confidential,
                               name=request.form['name'],
                               xmliocs=available_iocs)

    dbsession.add(profile)
    dbsession.commit()
    return redirect(app.jinja_env.globals['url_for']('config'))
def addNewBZ(self, loan_apply_id, request):
    """Add one SC_Monitor row per posted ``monitor_date`` entry.

    All rows are committed together; any failure rolls the batch back and
    flashes an error.
    """
    try:
        form = request.form
        dates = form.getlist('monitor_date')
        kinds = form.getlist('monitor_type')
        contents = form.getlist('monitor_content')
        remarks = form.getlist('monitor_remark')

        # Index-based access on purpose: a shorter sibling list raises and
        # aborts the save instead of silently truncating.
        for idx, date in enumerate(dates):
            SC_Monitor(loan_apply_id, date, kinds[idx], contents[idx],
                       remarks[idx]).add()

        db.session.commit()
        # Flash a success message.
        flash('保存成功', 'success')
    except:
        # NOTE(review): bare except; every failure becomes the same generic
        # message, with details only in the log.
        # Roll back.
        db.session.rollback()
        logger.exception('exception')
        # Flash a failure message.
        flash('保存失败', 'error')
def scanbatchAdd():
    """Show the "add scan batch" form and store a valid submission.

    A submission needs a non-empty batch name that is not already in use.
    Requires the ``logged_in`` session key.
    """
    if 'logged_in' not in session:
        # Not logged in
        return redirect(app.jinja_env.globals['url_for']('login'))

    profiles = dbsession.query(ConfigurationProfile).order_by(
        ConfigurationProfile.name.asc())
    credentials = dbsession.query(WindowsCredential).order_by(
        WindowsCredential.domain.asc(), WindowsCredential.login.asc())

    if request.method == 'GET':
        return render_template('scan-planification-batch-add.html',
                               configuration_profiles=profiles,
                               windows_credentials=credentials)

    problems = []
    batch_name = request.form['name']
    # NOTE(review): the profile and credential ids are taken from the form
    # as-is; nothing here checks that they reference existing rows the
    # current user is allowed to use.
    new_batch = Batch(name=batch_name,
                      configuration_profile_id=request.form['profile'],
                      windows_credential_id=request.form['credential'])

    if not new_batch.name:
        problems.append("Batch name cannot be empty.")
    elif dbsession.query(Batch).filter_by(
            name=batch_name).first() is not None:
        problems.append("Batch name already exists.")

    if problems:
        report = '\n'.join(problems)
        flash(report)
        return render_template('scan-planification-batch-add.html',
                               errors=report,
                               configuration_profiles=profiles,
                               windows_credentials=credentials)

    dbsession.add(new_batch)
    dbsession.commit()
    return redirect(app.jinja_env.globals['url_for']('scan'))
def add(self, request):
    """Replace all SC_parameter_configure rows with the rows in the form.

    Existing rows are deleted, then one row per ``level_base`` entry is
    added. Everything runs in one transaction: any failure rolls back the
    delete as well and flashes an error.
    """
    try:
        SC_parameter_configure.query.delete()
        db.session.flush()

        form = request.form
        bases = form.getlist("level_base")
        a1_values = form.getlist("level_A1")
        a2_values = form.getlist("level_A2")
        a3_values = form.getlist("level_A3")
        r_values = form.getlist("level_R")
        # Values shared by every row.
        shared = (
            form["back_payment"],
            form["line_payment"],
            form["performance_a"],
            form["performance_b"],
            form["performance_c"],
            form["level_a"],
            form["level_b"],
        )

        # Index-based access on purpose: a shorter sibling list raises and
        # aborts the whole save instead of silently truncating.
        for idx, base in enumerate(bases):
            SC_parameter_configure(idx + 1, base, a1_values[idx],
                                   a2_values[idx], a3_values[idx],
                                   r_values[idx], *shared).add()

        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash("保存成功", "success")
    except:
        # NOTE(review): the bare except also catches a missing form field and
        # non-Exception signals; the user only ever sees the generic failure.
        # Roll back.
        db.session.rollback()
        logger.exception("exception")
        # Flash a failure message.
        flash("保存失败", "error")
def profileAdd():
    """Show the "add configuration profile" form and store a valid submission.

    A submission needs a non-empty, unused name and at least one selected
    IOC. Validation errors are flashed and passed back to the template.
    Requires the ``logged_in`` session key.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))

    available_iocs = dbsession.query(XMLIOC).order_by(XMLIOC.name.asc())
    if request.method == 'GET':
        return render_template('config-profile-add.html',
                               xmliocs=available_iocs)

    problems = []
    is_confidential = 'host_confidential' in request.form
    profile_name = request.form['name']
    selected_iocs = ','.join(request.form.getlist('ioc_list'))
    profile = ConfigurationProfile(name=profile_name,
                                   host_confidential=is_confidential,
                                   ioc_list=selected_iocs)

    if not profile_name:
        problems.append("Profile name cannot be empty.")
    elif dbsession.query(ConfigurationProfile).filter_by(
            name=profile_name).first() is not None:
        problems.append("Profile name already exists.")

    # NOTE(review): the selected IOC ids are stored as posted; they are not
    # checked against the IOCs that actually exist.
    if not selected_iocs:
        problems.append("You must select at least one IOC.")

    if problems:
        report = '\n'.join(problems)
        flash(report)
        return render_template('config-profile-add.html',
                               errors=report,
                               host_confidential=is_confidential,
                               name=request.form['name'],
                               xmliocs=available_iocs)

    dbsession.add(profile)
    dbsession.commit()
    return redirect(app.jinja_env.globals['url_for']('config'))
def edit(self, user_id, level_id):
    """Set the account-manager level privilege of ``user_id`` to ``level_id``.

    An existing privilege row is updated in place; otherwise a new row is
    created. Only the create path is wrapped in error handling and flashes
    a result.
    """
    def level_rows():
        # The "sc_account_manager_level" privilege rows of this user.
        return SC_Privilege.query.filter_by(
            priviliege_master_id=user_id,
            privilege_master="SC_User",
            priviliege_access="sc_account_manager_level")

    if level_rows().first():
        # NOTE(review): this path has no rollback and no flash message,
        # unlike the create path below.
        level_rows().update({"priviliege_access_value": level_id})
        db.session.commit()
        return

    try:
        SC_Privilege("SC_User", user_id, "sc_account_manager_level",
                     level_id, 0).add()
        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash('保存成功', 'success')
    except:
        # Roll back.
        db.session.rollback()
        logger.exception('exception')
        # Flash a failure message.
        flash('保存失败', 'error')
def oauth_callback(provider):
    """Complete an OAuth sign-in keyed on the provider's user id.

    A visitor who is already signed in is redirected to the main index.
    Otherwise the provider callback supplies the profile fields; a local
    ``User`` row is created on first sign-in, and the user is logged in
    with "remember me" enabled.
    """
    if not current_user.is_anonymous():
        return redirect(url_for('main.index'))

    profile = OAuthSignIn.get_provider(provider).callback()
    provider_id, name, family_name, email, picture, gender, locale = profile

    if provider_id is None:
        flash(u'A autenticação falhou.')
        return redirect(url_for('main.index'))

    # NOTE(review): the lookup uses the bare provider id; if more than one
    # provider is configured, ids from different providers share one
    # namespace here - verify they cannot collide.
    account = User.query.filter_by(id=provider_id).first()
    if not account:
        account = User(id=provider_id, name=name, family_name=family_name,
                       email=email, picture=picture, gender=gender,
                       locale=locale)
        db.session.add(account)
        db.session.commit()

    login_user(account, True)
    return redirect(url_for('main.index'))
def request_detail_view(self, id):
    """E-mail a not-yet-approved user asking for more details.

    If no unapproved user has this id, a notice is flashed instead. Either
    way the browser ends up on the index view.
    """
    # ``== False`` is a SQLAlchemy column comparison, not a Python truth test.
    pending = User.query.filter(User.approved == False,
                                User.id == id).first()
    if not pending:
        flash(u"Kullanıcı zaten onaylı!")
        return redirect(url_for('.index_view'))

    # NOTE(review): the sender address appears masked in this listing.
    message = MailMessage(
        body=render_template('email/request_detail.txt', user=pending),
        html=render_template('email/request_detail.html', user=pending),
        subject=u"Ufak bir rica!",
        sender=(u"Eşya Kütüphanesi", "*****@*****.**"),
        recipients=[pending.email])
    mail.send(message)

    flash(u"Kullanıcıya e-posta gönderilerek daha fazla bilgi vermesi talep edildi!")
    return redirect(url_for('.index_view'))
def xmliocAdd():
    """Show the "add IOC" form and store an uploaded IOC file.

    A submission needs a non-empty, unused name and a non-empty file. The
    file bytes are stored base64-encoded. Requires the ``logged_in`` session
    key.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))

    if request.method == 'GET':
        return render_template('config-xmlioc-add.html')

    problems = []
    # NOTE(review): the whole upload is read into memory and stored without
    # checking that it is well-formed XML. Confirm the app sets
    # MAX_CONTENT_LENGTH, and that whatever parses this content later does
    # so with external entities disabled.
    xml_content = request.files['xml_content'].stream.read()
    ioc_name = request.form['name']
    record = XMLIOC(name=ioc_name,
                    xml_content=base64.b64encode(xml_content))

    if not ioc_name:
        problems.append("IOC name cannot be empty.")
    elif dbsession.query(XMLIOC).filter_by(
            name=ioc_name).first() is not None:
        problems.append("IOC name already exists.")

    if not xml_content:
        problems.append("You must specify a file.")

    if problems:
        report = '\n'.join(problems)
        flash(report)
        return render_template('config-xmlioc-add.html',
                               errors=report,
                               name=ioc_name)

    dbsession.add(record)
    dbsession.commit()
    return redirect(app.jinja_env.globals['url_for']('config'))
def addList(self, loan_apply_id, request):
    """Replace the fixed-asset rows of a loan application with the posted ones.

    All car, equipment and estate rows of ``loan_apply_id`` are deleted,
    then each posted row is re-created in the table selected by its
    ``mode`` value ("3" car, "2" equipment, "1" estate). Any failure rolls
    back the delete as well.
    """
    asset_models = {
        "3": SC_Fixed_Assets_Car,        # add a vehicle
        "2": SC_Fixed_Assets_Equipment,  # add equipment
        "1": SC_Fixed_Assets_Estate,
    }
    try:
        SC_Fixed_Assets_Car.query.filter_by(loan_apply_id=loan_apply_id).delete()
        SC_Fixed_Assets_Equipment.query.filter_by(loan_apply_id=loan_apply_id).delete()
        SC_Fixed_Assets_Estate.query.filter_by(loan_apply_id=loan_apply_id).delete()
        db.session.flush()

        form = request.form
        names = form.getlist('name')
        purchase_dates = form.getlist('purchase_date')
        purchase_prices = form.getlist('purchase_price')
        rates = form.getlist('rate')
        totals = form.getlist('total')
        total_prices = form.getlist('total_price')
        rate_prices = form.getlist('rate_price')
        modes = form.getlist('mode')

        for idx, name in enumerate(names):
            model = asset_models.get(modes[idx])
            if model is None:
                # Rows with any other mode value are skipped.
                continue
            model(loan_apply_id, name, purchase_dates[idx],
                  purchase_prices[idx], rates[idx], totals[idx],
                  total_prices[idx], rate_prices[idx]).add()

        # Commit the transaction.
        db.session.commit()
        # Flash a success message.
        flash('保存成功', 'success')
    except:
        # NOTE(review): bare except; every failure becomes the same generic
        # message, with details only in the log.
        # Roll back.
        db.session.rollback()
        logger.exception('exception')
        # Flash a failure message.
        flash('保存失败', 'error')
def xmliocAdd():
    """Show the "add IOC" form and store an uploaded IOC file.

    A submission needs a non-empty, unused name and a non-empty file. The
    file bytes are stored base64-encoded. Requires the ``logged_in`` session
    key.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))

    if request.method == 'GET':
        return render_template('config-xmlioc-add.html')

    problems = []
    # NOTE(review): the whole upload is read into memory and stored without
    # checking that it is well-formed XML. Confirm the app sets
    # MAX_CONTENT_LENGTH, and that whatever parses this content later does
    # so with external entities disabled.
    xml_content = request.files['xml_content'].stream.read()
    ioc_name = request.form['name']
    record = XMLIOC(name=ioc_name,
                    xml_content=base64.b64encode(xml_content))

    if not ioc_name:
        problems.append("IOC name cannot be empty.")
    elif dbsession.query(XMLIOC).filter_by(
            name=ioc_name).first() is not None:
        problems.append("IOC name already exists.")

    if not xml_content:
        problems.append("You must specify a file.")

    if problems:
        report = '\n'.join(problems)
        flash(report)
        return render_template('config-xmlioc-add.html',
                               errors=report,
                               name=ioc_name)

    dbsession.add(record)
    dbsession.commit()
    return redirect(app.jinja_env.globals['url_for']('config'))
def approval_view(self, id):
    """Approve a pending user and send them a welcome e-mail.

    If no unapproved user has this id, a notice is flashed instead. Either
    way the browser ends up on the index view.

    NOTE(review): no permission check is visible in this method; confirm
    the enclosing view restricts it to administrators and that it is not
    triggered by a plain GET.
    """
    # ``== False`` is a SQLAlchemy column comparison, not a Python truth test.
    pending = User.query.filter(User.approved == False,
                                User.id == id).first()
    if not pending:
        flash(u"Kullanıcı zaten onaylı!")
        return redirect(url_for('.index_view'))

    # The approval is committed before the mail goes out, so a mail failure
    # leaves the user approved but not notified.
    pending.approved = True
    db.session.commit()

    # NOTE(review): the sender address appears masked in this listing.
    message = MailMessage(
        body=render_template('email/welcome.txt', user=pending),
        html=render_template('email/welcome.html', user=pending),
        subject=u"Hoşgeldin!",
        sender=(u"Eşya Kütüphanesi", "*****@*****.**"),
        recipients=[pending.email])
    mail.send(message)

    flash(u"Kullanıcı onaylandı ve e-posta gönderildi!")
    return redirect(url_for('.index_view'))
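def user_activate():
    """Activate an account from the ``login`` and ``code`` query parameters.

    Blocked and already-active accounts get their own message. Otherwise
    the account is activated only when a code was supplied and it matches
    the stored activation code; the stored code is then removed. Every
    other case, including an unknown login, reports bad data.
    """
    login = request.args.get('login')
    code = request.args.get('code')
    tmp = db.find_one("USERS", "login", login)
    if not tmp:
        # Unknown or missing login: previously this crashed on tmp[...].
        flash("Incomplete or incorrect data!")
    elif tmp["blocked"] == 1:
        flash("Permission denied. Your account has been blocked")
    elif tmp["active"] == 1:
        flash(login + "your account has already been activated.")
    elif code and tmp["activation_code"] == code:
        # ``code`` must be present: without that, a request with no code
        # would match an account whose activation_code is unset (None).
        # NOTE(review): the login value shows as "******" in both statements
        # in this listing, which looks like masking. If the original splices
        # ``login`` into the Cypher text, pass it as a query parameter.
        query = 'MATCH (node:USERS) where node.login="******" set node.active=' + str(
            1)
        db.cypher.execute(query)
        query = 'MATCH (node:USERS) where node.login="******" remove node.activation_code'
        db.cypher.execute(query)
        flash("Congrats " + login + " You have just activated your account.")
    else:
        flash("Incomplete or incorrect data!")
    return redirect(url_for('index'))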
def user_register():
    # Register a new account from the posted form and send an activation
    # link. Only anonymous visitors may register; GET shows the form.
    if current_user.is_anonymous():
        if request.method == 'GET':
            return render_template('user/register.html')
        else:
            # NOTE(review): this code is the only secret protecting account
            # activation - confirm Utils.random_string draws from a CSPRNG.
            _activation_code = Utils.random_string(16)
            _first_name = request.form['fname']
            _last_name = request.form['lname']
            _email = request.form['email']
            _login = request.form['login']
            # NOTE(review): no length/format checks on any field are visible;
            # confirm Utils.hash_password is a salted password-hashing KDF.
            _password = Utils.hash_password(request.form['password'])
            tmp = db.find_one("USERS", "login", _login)
            if tmp:
                # NOTE(review): debug print; adding a str to the lookup result
                # likely raises before the flash below is reached - verify.
                print(tmp + " A")
                flash("Login exists")
                return render_template('user/register.html')
            print(tmp)
            # New accounts start inactive, non-admin and unblocked.
            _user = Node(
                "USERS",
                first_name=_first_name,
                last_name=_last_name,
                email=_email,
                login=_login,
                password=_password,
                activation_code=_activation_code,
                _group="None",
                active=0,
                is_admin=0,
                blocked=0,
            )
            db.create(_user)
            # NOTE(review): the span between '?login=' and '&code=' appears
            # masked in this listing and is not valid Python as shown. The
            # host is hard-coded, and a login placed in a URL should be
            # URL-encoded.
            _mail_content = "localhost:5000" + url_for(
                'userController.user_activate'
            ) + '?login='******'&code=' + _activation_code
            send_activation_code(_email, _mail_content)
            # NOTE(review): flashing the activation link on the page hands the
            # activation secret to whoever submitted the form, so activation
            # no longer proves control of the e-mail address.
            flash(
                "Check your email for activation link. If you are too lazy or used fake e-mail just use this link: "
                + _mail_content)
    else:
        flash("Cant create new account while logged in?")
    return redirect(url_for('index'))
def user_login():
    # Show the login form on GET; on POST check the credentials and log the
    # user in, or re-send the activation link for an inactive account.
    if request.method == 'GET':
        return render_template('user/login.html')
    else:
        _login = request.form['login']
        _password = request.form['password']
        tmp = db.find_one("USERS", "login", _login)
        # NOTE(review): the account named "admin" is handled first and so
        # skips the blocked/active checks applied to every other account.
        if tmp and tmp["login"] == "admin" and Utils.check_password(
                tmp["password"], _password):
            login_user(UserModel(tmp))
            flash("Hello mr. Super Admin! Have a nice day")
        elif tmp:
            if tmp["blocked"] == 1:
                # NOTE(review): shown before the password is checked, so it
                # reveals that the login exists and is blocked.
                flash("Permission denied. Your account has been blocked")
                return render_template('user/login.html')
            else:
                if Utils.check_password(tmp["password"], _password):
                    if tmp["active"] == 1:
                        login_user(UserModel(tmp))
                        flash("Welcome " + current_user.login +
                              ". You are logged in!")
                    else:
                        # NOTE(review): the span between '?login=' and
                        # '&code=' appears masked in this listing and is not
                        # valid Python as shown. The host is hard-coded.
                        _mail_content = "localhost:5000" + url_for(
                            'userController.user_activate') + '?login='******'&code=' + \
                            tmp["activation_code"]
                        send_activation_code(tmp["email"], _mail_content)
                        # NOTE(review): flashing the link exposes the
                        # activation secret on the page, bypassing the e-mail
                        # ownership check.
                        flash(
                            "Check your email for activation link. If you are too lazy or "
                            "used fake e-mail just use this link: " +
                            _mail_content)
                else:
                    flash("Incorrect (incomplete) login or password")
                    return render_template('user/login.html')
        else:
            # NOTE(review): a different message from the wrong-password case,
            # which lets a caller tell which logins exist.
            flash("Incorrect user login")
            return render_template('user/login.html')
    return redirect(url_for('index'))
def user_logout():
    """Log the current user out and return to the index.

    The farewell message is built before logout, while ``current_user``
    still carries the login name.
    """
    farewell = "User " + current_user.login + " logged out!"
    flash(farewell)
    logout_user()
    return redirect(url_for('index'))
def logout():
    """Drop the ``logged_in`` session flag and return to the index.

    NOTE(review): only the ``logged_in`` key is removed. If login also
    stores other keys in the session (such as a user id), they survive
    logout; clearing the whole session would remove them too.
    """
    session.pop('logged_in', None)
    flash('Logged out')
    resolve = app.jinja_env.globals['url_for']
    return redirect(resolve('index'))
def approval_view(self, id):
    """Flash an "approved" notice for ``id`` and return to the index view.

    Nothing is looked up or changed here; the method only reports.
    """
    notice = '%s is approved' % str(id)
    flash(notice)
    return redirect(url_for('.index_view'))
def logout():
    """Log the current user out and return to the blog index."""
    logout_user()
    flash('logged out now')
    destination = url_for('blog.index')
    return redirect(destination)