def index():
email_address = request.cookies.get("email")
user = db.query(User).filter_by(email=email_address).first()
users = db.query(User)
print(users)
return render_template("index.html", user=user, users=users)
def dia():
if request.method == "GET":
if "username" in session:
t_month = request.args.get('month') # creo que es de tipo string
t_year = request.args.get('year')
t_day = request.args.get('day')
month, year = current_month(t_month, t_year)
# calendario_mes = monthcalendar(year, month)
user = db.query(User).filter_by(
username=session["username"]).first()
citas = db.query(Cita).filter_by(user_id=user.id).all(
) # obtengo todas las citas, pero deberían ser las de ese día
cita_dia = []
print(citas)
for cita in citas:
if cita.fecha.year == int(t_year) and cita.fecha.month == int(
t_month) and cita.fecha.day == int(t_day):
cita_dia.append(cita)
return render_template("dia.html",
month=t_month,
year=t_year,
day=t_day,
text_month=imprime_mes(month),
citas_dia=cita_dia)
else:
pass
elif register.method == "POST":
pass
def admin():
global user
chars = db.query(Character).all()
users = db.query(User).all()
db.commit()
return render_template("/Nav-Pages/admin.html", users=users, chars=chars, admin=user.admin)
def allusers():
location = request.args.get("location", "Maribor")
r = requests.get(f"{OWA}?q={location}&units=metric&appid={API_KEY}")
tempwat = r.json()
temperature = tempwat["main"]["temp"]
weather = tempwat["weather"][0]["main"]
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
users = db.query(User).all()
if user:
return render_template(
"users.html",
user=user,
users=users,
location=location.title(),
temperature=temperature,
weather=weather,
)
else:
"Please sign in or login if you want to go on that page."
return render_template(
"home.html",
user=user,
messages=messages,
location=location.title(),
temperature=temperature,
weather=weather,
)
def is_allowed(request, routename, method='ALL', check_route=True):
"""
Given a request_object, routename and method; returns True if current user has access to that route,
otherwise returns False.
If check_route if False, does not check the DB to see if the route is in the list of protected routes
"""
if check_route:
route = db.query(RoutePermission).filter_by(route_name=routename).first()
if not route:
return True
if not isinstance(method, list):
method = [method, ]
user_permissions = request.session.get('auth_user_permissions', [])
if request.session.get('auth_static_permission', None):
user_permissions.append(request.session.get('auth_static_permission', None))
has_permission = db.query(func.count(RoutePermission.permission)).filter(
RoutePermission.route_name == routename).filter(
RoutePermission.method.in_(method)).filter(
RoutePermission.permission.in_(user_permissions)).scalar()
if has_permission > 0:
return True
else:
return False
def message_details(msg_id=None):
if msg_id:
msg = db.query(Mensaje).get(int(msg_id))
if msg and msg.receiver == current_user.email:
msg.read = True
db.add(msg)
db.commit()
return render_template("messages.html",
current_msg=msg,
current_user=current_user)
else:
return "Message ID not valid!"
else:
messages = list(
db.query(Mensaje).filter_by(receiver=current_user.email))
messages.sort(key=lambda s: s.date)
read = list(filter(lambda s: s.read, messages))
non_read = list(filter(lambda s: not s.read, messages))
for msg in non_read:
msg.read = True
db.add(msg)
db.commit()
return render_template("messages.html",
msg_read=read,
msg_non_read=non_read,
current_user=current_user)
return render_template("messages.html", no_msg=True)
def index():
if request.method == "GET":
data = {}
session_token = request.cookies.get("session_token") #guardamos el valor de la cookie session token en la variable session_token
if session_token:
user = db.query(User).filter_by(session_token=session_token).first() #si tenemos una session token, miramos y comparamos en la base de datos
else: #si no creamos una instancia user vacia
user = None
data.update({'user': user})
return render_template("index.html", data=data)
elif request.method == "POST":
guess = request.form.get('guess', False)
email_address = request.cookies.get("email")
user = db.query(User).filter_by(email=email_address).first()
try: # compara si el valor introducido es un entero y si no lo es devuelve un error
guess = int(guess)
except Exception:
data = {'result': False,
"user": user,
"error": 2}
response = make_response(render_template("index.html", data=data))
return response
if guess > 30 or guess < 1: #comprueba que ademas de ser un entero sea un valor comprendido entre 1 y 30, si no devuelve un error
data = {'result': False,
"user": user,
"error": 1}
response = make_response(render_template("index.html", data=data))
return response
if guess == int(user.secret_number): # Si ha acertado:
new_secret = random.randint(1, 30)
user.secret_number = new_secret
db.add(user)
db.commit()
new_wrong = wrong_guess.copy()
data = {'result': True,
"wrong_guess": new_wrong,
"user": user}
wrong_guess.clear()
response = make_response(render_template("index.html", data=data))
return response
else: # Si no hemos acertado damos una pista para que pueda acertar
if int(user.secret_number) < guess:
data = {'result': False, # Diferentes lineas para mas orden y solo un diccionario con datos
'hint': "Demasiado grande, prueba algo mas pequeño",
'user': user}
else:
data = {'result': False,
'hint': "Demasiado pequeño, prueba algo mas grande",
'user': user}
response = make_response(render_template("index.html", data=data))
wrong_guess.append(guess)
return response # Devolvemos un response por pantalla,mostrando un mensaje segun si ha acertado o si ha puesto un numero mayor o menor
return render_template("index.html")
def dashboard():
form = Messageform()
form.receiver_email.choices = get_choices(current_user)
if request.method == "GET":
messages = db.query(Mensaje).filter_by(receiver=current_user.email,
read=False).all()
users = db.query(User).all()
return render_template("dashboard.html",
messages=messages,
form=form,
current_user=current_user,
users=users)
else:
if form.validate_on_submit():
msg = Mensaje(subject=form.subject.data,
message=form.message.data,
receiver=form.receiver_email.data,
sender=current_user.email,
read=False)
db.add(msg)
db.commit()
data = "Your message has been sent"
return render_template("dashboard.html",
data=data,
form=form,
current_user=current_user,
msg=msg)
else:
data = "Error, review the entered data"
return render_template("dashboard.html",
data=data,
form=form,
current_user=current_user)
def messenger(session_cookie):
if request.method == "GET":
user_all = db.query(User).all()
user = db.query(User).filter_by(session_token=session_cookie).first()
return render_template("messenger.html", session_cookie=user.session_token, email=user.email, user_all=user_all)
elif request.method == "POST":
user1 = db.query(User).filter_by(session_token=session_cookie).first()
email = request.form.get("email")
user2 = db.query(User).filter_by(email=email).first()
text = request.form.get("text")
if user2:
text_received = f"From {user1.email}: {text}"
if user2.text_received:
text_received = user2.text_received + "|" + text_received
user2.text_received = text_received
db.add(user2)
db.commit()
else:
user2.text_received = text_received
db.add(user2)
db.commit()
if user1.text_sent:
text_sent = f"To {email}: {text}"
text_sent = user1.text_sent + "|" + text_sent
user1.text_sent = text_sent
db.add(user1)
db.commit()
else:
user1.text_sent = f"To {email}: {text}"
db.add(user1)
db.commit()
return render_template("sent.html", text=user1.text_sent, session_cookie=user1.session_token, email=user1.email)
def comments():
session_token = request.cookies.get("session_token")
# get user from the database based on her/his email address
user = db.query(User).filter_by(session_token=session_token).first()
users = db.query(User).all()
comments = db.query(Comment).all()
if request.method == "GET":
if user: # if user is found
return render_template("comments.html", user=user, users=users, comments=comments, title="Leave a comment, and make us happy!")
else:
return redirect(url_for("index"))
else:
userid = request.form.get("user-id")
usercomment = request.form.get("user-comment")
# update the user object
comment = Comment(userid=userid, comment=usercomment)
# store changes into the database
db.add(comment)
db.commit()
return redirect(url_for("comments"))
def delete(msg_id):
# Get session_token
session_token = request.cookies.get("session_token")
# Get the user from the database
user = db.query(User).filter_by(session_token=session_token).first()
# Get the message using msg_id from database
message = db.query(Message).get(int(msg_id))
# If the user.id matchs the message.receiver
if user.id == message.receiver:
# Delete the message from the database
db.delete(message)
db.commit()
# Send the user to the index page
return redirect(url_for("index"))
# Else - the message does not belong to the user
else:
# Send the user to the index page
return redirect(url_for("index"))
def profile_edit():
session_token = request.cookies.get("session_token")
# get user
password = request.form.get("user-password")
user = db.query(User).filter_by(session_token=session_token).first()
if request.method == "GET":
if user:
return render_template("profile_edit.html", user=user)
else:
return redirect(url_for("index"))
elif request.method == "POST":
user = db.query(User).filter_by(session_token=session_token).first()
# ovdje mi nastane problem jer kada upišem stvarnu lozinku izbacuje mi "Wrong password! Go back and try again.",
# tek kada kopiram hashed_password iz baze onda me šalje na change_password.html
if password != user.password:
return "Wrong password! Go back and try again."
elif password == user.password:
return render_template("change_password.html", user=user)
password = request.form.get("user-password")
# update user
user.password = password
def send():
# Get the session_token
session_token = request.cookies.get("session_token")
# If session_token found
if session_token:
# Get the user from the database
user = db.query(User).filter_by(session_token=session_token).first()
# If get request -- i.e we just show the user the messages page
if request.method == "GET":
# Get all the users in the database
users = db.query(User).all()
# Send the user to the send html page, set user and users in return
return render_template("send.html", user=user, users=users)
# ELIF - post request
elif request.method == "POST":
# GET the receiver and message_body from the form
receiver = request.form.get("receiver")
message_body = request.form.get("message-body")
# Get the receiver from the database
rec_user = db.query(User).filter_by(name=receiver).first()
# If receiver is found
if rec_user:
# Create a message object and set the send, receiver and message
message = Message(sender=user.id,
receiver=rec_user.id,
message=message_body)
# Save the message object to the database
db.add(message)
db.commit()
# Send the user back to the index page
return redirect(url_for("index"))
# Else - receiver was not found
else:
# Send the user to the index page
return redirect(url_for("index"))
# Else - not a get or post request
else:
# Send the user to the index page
return redirect(url_for("index"))
# Else - no session_token found
else:
# Send the user to the index page
return redirect(url_for("index"))
def new_password():
if request.method == "GET":
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if user:
return render_template("new_password.html")
else:
return redirect(url_for("index"))
elif request.method == "POST":
old_password = request.form.get("old-password")
new_password = request.form.get("new-password")
session_token = request.cookies.get("session_token")
hashed_old_password = hashlib.sha256(old_password.encode()).hexdigest()
user = db.query(User).filter_by(password=hashed_old_password,
session_token=session_token).first()
if user and new_password:
hashed_new_password = hashlib.sha256(
new_password.encode()).hexdigest()
user.password = hashed_new_password
db.add(user)
db.commit()
return redirect(url_for("profile"))
else:
return "Error authenticating user."
def all_users():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token,
deleted=False).first()
# get data of all undeleted users from database
users = db.query(User).filter_by(deleted=False).all()
return render_template("users.html", users=users, user=user)
def user_details(user_id):
user = db.query(Persons).get(int(user_id))
session["ID"] = user.ID
HelicoptersByUser = db.query(Helicopter, Izposoje).join(
Izposoje,
Helicopter.ID == Izposoje.IDModela).filter_by(IDCloveka=user_id).all()
return render_template("Admin/UserDetails.html",
user=user,
HelicoptersData=HelicoptersByUser)
def ReturnedHelicopter():
HelicopterID = request.form.get("Helicopter")
helikopter = db.query(Helicopter).get(HelicopterID)
helikopter.Rented = 0
izposoja = db.query(Izposoje).filter_by(IsReturned=0,
IDModela=HelicopterID).first()
izposoja.DatumVrnitve = datetime.now()
izposoja.IsReturned = 1
db.session.commit()
return render_template("AdminAndUser/ReturnedHelicopter.html")
def ShowListOfHelicopters():
helikopterji = db.query(Helicopter).filter_by(IsDeleted=0).all()
userPriority = db.query(Persons.PriorityType).filter_by(
SessionToken=request.cookies.get("session_token")).first()
if userPriority.PriorityType == 1:
return render_template("Admin/ShowListOfHelicopters.html",
dataHelikopterji=helikopterji)
else:
return render_template("User/UserShowListOfHelicopters.html",
dataHelikopterji=helikopterji)
def deleteNotes(list_id):
itemlist = db.query(List).get(int(list_id))
items = db.query(Item).filter_by(lid = itemlist.id)
for item in items:
if not item.active:
db.delete(item)
db.commit()
return redirect("/{0}".format(itemlist.id))
def all_users():
session_token = request.cookies.get("session_token")
# get user who is logged in from the database based on her/his session token address
user = db.query(User).filter_by(session_token=session_token).first()
# get ALL users from the database
users = db.query(User).all()
return render_template("users.html", user=user, users=users)
def index():
if request.method == "GET":
todos_db = db.query(Todo).all()
return render_template("index.html", todos_template=todos_db)
else:
todo = request.form.get("todo")
new_todo = Todo(todo=todo, check=False)
db.add(new_todo)
db.commit()
todos_db = db.query(Todo).all()
return render_template("index.html", todos_template=todos_db)
def copy(char_char_name):
global user
global user_characters
chars = db.query(Character).filter_by(char_name=char_char_name).first()
char = Character(user_name=user.name, char_name=chars.char_name, ethnie=chars.ethnie, age=chars.age,
height=chars.height)
db.add(char)
db.commit()
user_characters = db.query(Character).filter_by(user_name=user.name).all()
return render_template("/Nav-Pages/characters.html", character_list=user_characters, admin=user.admin)
def test(test_name):
test = db.query(Test).filter_by(title=test_name).first()
# print('Found iD: ', test.id)
questions = db.query(Question).filter_by(test_id=test.id).all()
count = len(questions)
# print('Found Questions: ', questions)
response = make_response(
render_template("test.html",
test=test_name,
count=count,
question_number=0))
return response
def profile_change_password():
if request.method == "GET":
session_cookie = request.cookies.get("session_cookie")
user_change = db.query(User).filter_by(session_token=session_cookie).first()
return render_template("login.html", change_password=True, email=user_change.email)
elif request.method == "POST":
session_cookie = request.cookies.get("session_cookie")
user_change = db.query(User).filter_by(session_token=session_cookie).first()
password = hashlib.sha256(request.form.get("password").encode("utf-8")).hexdigest()
user_change.password = password
db.commit()
return redirect(url_for("login", logged_in=True, email=user_change.email))
def user_details(user_id):
session_token = request.cookies.get("session_token")
# get user who is logged in from the database based on her/his session token address
user = db.query(User).filter_by(session_token=session_token).first()
# Get the user of which you want to show the profile
target_user = db.query(User).get(int(user_id))
return render_template("user_details.html",
user=user,
target_user=target_user)
def list_users():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if user is None:
response = make_response(
redirect(url_for("login"))
)
return response
users = db.query(User).all()
return render_template("list_users.html", users=users, user=user)
def calendario():
if request.method == "GET":
if "username" in session:
t_month = request.args.get('month') # creo que es de tipo string
t_year = request.args.get('year')
action = request.args.get('action')
user = db.query(User).filter_by(
username=session["username"]).first()
url_imagen = "../static/img/" + user.photo
if t_month and t_year and action:
if action == "previous":
month, year = previous_month(t_month, t_year)
calendario_mes = monthcalendar(year, month)
elif action == "next":
month, year = next_month(t_month, t_year)
calendario_mes = monthcalendar(year, month)
elif action == "current":
month, year = current_month(t_month, t_year)
calendario_mes = monthcalendar(year, month)
else:
month = date.today().month
year = date.today().year
calendario_mes = monthcalendar(year, month)
user = db.query(User).filter_by(
username=session["username"]).first()
citas = db.query(Cita).filter_by(user_id=user.id).all(
) # obtengo todas las citas, pero deberían ser las de ese día
citas_mes = []
for cita in citas: # guardo en citas_mes todas las citas del mes
if cita.fecha.year == year and cita.fecha.month == month:
citas_mes.append(cita)
dias = []
for cita in citas_mes:
dias.append(cita.fecha.day)
return render_template("calendario.html",
calendario_mes=calendario_mes,
month=month,
year=year,
text_month=imprime_mes(month),
username=user.username,
url_imagen=url_imagen,
dias_cita=dias)
else:
return "No estás logueado"
def index():
session_token = request.cookies.get("session_token")
if session_token:
user = db.query(User).filter_by(session_token=session_token).first()
userID = user.id
todo_lists = db.query(List).all()
if len(todo_lists) > 0 :
lists = db.query(List).filter_by(uid = userID)
return render_template("dashboard.html", user=user, lists=lists)
return render_template("dashboard.html", user=user)
else:
user = None
return render_template("index.html")
def renameList(list_id):
itemlist = db.query(List).get(int(list_id))
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if request.method == "GET":
return render_template("renamelist.html", itemlist=itemlist, user=user)
if request.method == "POST":
newListName = request.form.get("newListName")
itemlist.list_name = newListName
db.add(itemlist)
db.commit()
return redirect(url_for("index"))
def deleteList(list_id):
itemlist = db.query(List).get(int(list_id))
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if request.method == "GET":
return render_template("deletelist.html", itemlist=itemlist, user=user)
if request.method == "POST":
items = db.query(Item).filter_by(lid=itemlist.id)
for item in items:
db.delete(item)
db.delete(itemlist)
db.commit()
return redirect(url_for("index"))