def modifyUser():
    """Render ``update.html`` pre-filled with the user named by the ``id`` query parameter.

    When ``models.get_user_by_id`` returns ``None`` the template is rendered
    with only an error message ("user information does not exist") in
    ``result``.
    """
    # NOTE(review): no login or ownership check is visible in this body, so the
    # telephone and age stored for any id are shown to whoever reaches the
    # route -- confirm a decorator or request hook enforces access.
    requested_id = request.args.get('id', '')
    record = models.get_user_by_id(requested_id)
    if record is not None:
        return render_template(
            'update.html',
            id=record['id'],
            username=record['username'],
            telephone=record['telephone'],
            age=record['age'],
        )
    return render_template('update.html', result='用户信息不存在')
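def user_view():
    """Render ``user_view.html`` for the user named by the ``id`` query parameter.

    The id defaults to ``0`` when the parameter is absent. The template
    receives ``id``, ``username`` and ``age`` taken from the record, each
    falling back to an empty string.
    """
    # NOTE(review): no session check is visible in this body -- confirm the
    # route is protected elsewhere. The lookup result is also used without a
    # None check; presumably get_user_by_id can return None for an unknown id,
    # which would raise AttributeError below -- verify against models.
    user = models.get_user_by_id(request.args.get('id', 0))
    # The record is deliberately not written to stdout: it may hold personal
    # data or credential fields that would otherwise end up in server logs.
    return render_template(
        'user_view.html',
        id=user.get('id', ''),
        username=user.get('name', ''),
        age=user.get('age', ''),
    )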
def updateUser():
    """Update telephone and age of the user named by the posted ``id``; answer with JSON.

    Returns the rendered ``update.html`` with an error message when the id is
    unknown; otherwise a JSON string, ``{"ok": true}`` on success or
    ``{"ok": false, "result": <reason>}`` on failure.
    """
    # NOTE(review): the target id is taken straight from the form and no
    # session or ownership check is visible here -- confirm the route is
    # protected elsewhere, otherwise any client can edit any account.
    posted_id = request.form.get('id', '')
    record = models.get_user_by_id(posted_id)
    if record is None:
        return render_template('update.html', result='用户信息不存在')

    telephone = request.form.get('telephone', '')
    age = request.form.get('age', '')

    # Validate the submitted values first.
    ok, result = models.validate_user_modify(telephone, age)
    if ok:
        # Validation passed: write the change to the database.
        saved = models.modify_user(record['id'], telephone, age)
        ok = True if saved else False
        result = '更新成功' if saved else '更新失败'

    if not ok:
        return json.dumps({'ok': False, 'result': result})
    return json.dumps({'ok': True})
def updateUser():
    """Update telephone and age of the user named by the posted ``id``.

    On success the client is redirected to ``/users/``; on a validation or
    storage failure ``update.html`` is rendered again with the submitted
    values and the failure message. An unknown id renders ``update.html``
    with only an error message.
    """
    # NOTE(review): the target id is taken straight from the form and no
    # session or ownership check is visible here -- confirm the route is
    # protected elsewhere.
    posted_id = request.form.get("id", "")
    record = models.get_user_by_id(posted_id)
    if record is None:
        return render_template("update.html", result="用户信息不存在")

    telephone = request.form.get("telephone", "")
    age = request.form.get("age", "")

    # Validate the submitted values first.
    ok, result = models.validate_user_modify(telephone, age)
    if ok:
        # Validation passed: write the change to the database.
        saved = models.modify_user(record["id"], telephone, age)
        ok = True if saved else False
        result = "更新成功" if saved else "更新失败"

    if ok:
        return redirect("/users/")
    return render_template(
        "update.html",
        result=result,
        id=record["id"],
        username=record["username"],
        telephone=telephone,
        age=age,
    )
def get_current_user(cookie_str):
    """Return the user a cookie value refers to, or ``None``.

    The cookie is passed to ``signup.check_secure_val``; only when that
    yields a truthy user id is the user looked up through
    ``models.get_user_by_id``.
    """
    if not cookie_str:
        return None
    # NOTE(review): the identity of the caller rests entirely on
    # signup.check_secure_val -- confirm it verifies a keyed MAC and compares
    # it in constant time.
    user_id = signup.check_secure_val(cookie_str)
    if not user_id:
        return None
    return models.get_user_by_id(user_id)
def updateUser():
    """Apply a telephone/age change to the user named by the posted ``id``.

    An unknown id renders ``update.html`` with an error message. Otherwise
    the outcome is reported as a JSON string: ``{"ok": true}`` when the
    change was stored, ``{"ok": false, "result": <reason>}`` when validation
    or storage failed.
    """
    # NOTE(review): nothing in this body ties the posted id to the logged-in
    # user -- confirm authorization happens in a decorator or request hook.
    target_id = request.form.get('id', '')
    existing = models.get_user_by_id(target_id)
    if existing is None:
        return render_template('update.html', result='用户信息不存在')

    telephone = request.form.get('telephone', '')
    age = request.form.get('age', '')

    # Check the data submitted by the user.
    ok, result = models.validate_user_modify(telephone, age)
    if ok:
        # The check passed, so store the new values in the database.
        stored = models.modify_user(existing['id'], telephone, age)
        ok = True if stored else False
        result = '更新成功' if stored else '更新失败'

    if not ok:
        return json.dumps({'ok': False, 'result': result})
    return json.dumps({'ok': True})
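def user_delete():
    """Delete the user named by the ``id`` query parameter, then redirect to the ``user`` endpoint.

    A success message naming the deleted user is flashed when
    ``models.user_delete`` reports success.
    """
    # NOTE(review): the id is read from the query string, so this state change
    # appears reachable by a plain GET link, and no session or CSRF check is
    # visible in this body -- confirm the route is restricted to POST and to
    # authorized users elsewhere.
    uid = request.args.get('id', '')
    user = models.get_user_by_id(uid)
    # An unknown id must not fail with AttributeError on a missing record.
    username = user.get('name') if user is not None else None
    rt = models.user_delete(uid)
    if rt:
        flash('delete user:%s succeed' % username)
    return redirect(url_for('user'))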
def get_user(self):
    """Return the user identified by the ``user_id`` cookie, or ``None``.

    The cookie value is accepted only if ``utils.valid_cookie_hash`` approves
    it; it is then split on ``"|"`` and the second part is used as the
    integer user id.
    """
    cookie_value = self.request.cookies.get('user_id')
    # NOTE(review): the user id is trusted solely because of
    # utils.valid_cookie_hash -- confirm it checks a keyed MAC over the id and
    # compares in constant time.
    if not cookie_value or not utils.valid_cookie_hash(cookie_value):
        return None
    # Layout is "<hash>|<user id>"; only the id part is needed here.
    _, raw_id = cookie_value.split("|")
    return models.get_user_by_id(int(raw_id))
def users_view():
    """Render ``user_view.html`` for the user named by the ``id`` query parameter.

    Visitors without a ``user`` entry in the session are redirected to ``/``.
    """
    if session.get('user') is None:
        return redirect('/')
    # NOTE(review): the session check only proves that someone is logged in;
    # any logged-in user can request any id. Confirm that is intended.
    # NOTE(review): presumably get_user_by_id may return None for an unknown
    # id, which would raise AttributeError below -- verify against models.
    user = models.get_user_by_id(request.args.get('id', 0))
    context = {
        'id': user.get('id', ''),
        'username': user.get('name', ''),
        'age': user.get('age', 0),
        'department': user.get('department'),
        'sex': user.get('sex'),
        'birthday': user.get('birthday'),
        'email': user.get('email'),
        'hobby': user.get('hobby'),
    }
    return render_template('user_view.html', **context)
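def user_view_json():
    """Return the record of the user named by ``id`` as a JSON string.

    The id is read from the form on POST and from the query string otherwise
    (default ``0``). Visitors without a ``user`` entry in the session are
    redirected to ``/``.
    """
    if session.get('user') is None:
        return redirect('/')
    params = request.form if 'POST' == request.method else request.args
    user_id = params.get('id', 0)
    # Fetch the user's data by id so the edit page can display it.
    user = models.get_user_by_id(user_id)
    # The record is deliberately not printed: it would put personal data (and
    # any credential fields) into server stdout/logs on every request.
    # NOTE(review): the whole record is serialized to the client -- confirm it
    # carries no password hash or other field the browser should not see.
    return json.dumps(user)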
def modifyUser():
    """Render ``update.html`` pre-filled with the user named by the ``id`` query parameter.

    An unknown id (``models.get_user_by_id`` returning ``None``) renders the
    template with only an error message in ``result``.
    """
    # NOTE(review): no login or ownership check is visible in this body --
    # confirm access to other users' telephone/age is restricted elsewhere.
    requested_id = request.args.get("id", "")
    record = models.get_user_by_id(requested_id)
    if record is not None:
        return render_template(
            "update.html",
            id=record["id"],
            username=record["username"],
            telephone=record["telephone"],
            age=record["age"],
        )
    return render_template("update.html", result="用户信息不存在")
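def user_view():
    """Render ``user_view.html`` for the user named by ``id``.

    The id is read from the form on POST and from the query string otherwise
    (default ``0``). Visitors without a ``user`` entry in the session are
    redirected to ``/``.
    """
    if session.get('user') is None:
        return redirect('/')
    params = request.form if 'POST' == request.method else request.args
    user_id = params.get('id', 0)
    # Fetch the user's data by id and hand it to user_view.html so the edit
    # page can display it.
    # NOTE(review): presumably get_user_by_id may return None for an unknown
    # id, which would raise AttributeError below -- verify against models.
    user = models.get_user_by_id(user_id)
    # The record is deliberately not printed: it would put personal data into
    # server stdout/logs on every request.
    return render_template(
        'user_view.html',
        id=user.get('id', ''),
        username=user.get('name', 0),
        age=user.get('age', 0),
    )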
def profile(uid):
    """
    Return one user's serialized data as a JSON response

    :param uid: identifier handed to get_user_by_id
    :return String: (JSON)
    """
    # NOTE(review): no access check is visible here, and which fields
    # ``serialize`` exposes cannot be seen from this block -- confirm it omits
    # credentials and other private attributes.
    return jsonify(get_user_by_id(uid).serialize)
def remove_profile():
    """
    Remove the profile of the logged-in user

    A GET, a POST with a non-matching CSRF token, or a POST while the user
    still owns items re-renders the confirmation page. Otherwise the picture
    file, the database record and the session entries are removed and the
    user is redirected to the home page.

    :return mix:
    """
    uid = int(session['uid'])

    # The user must remove all of their items before the profile can go.
    items = [item.serialize for item in get_items_by_user(uid)]
    has_items = len(items) > 0
    if has_items:
        flash('First remove your cars', 'error')

    user = get_user_by_id(uid)
    name = ' '.join([user.first_name, user.last_name])

    # NOTE(review): csrf_token is a name from outside this function and is
    # compared with ``==`` -- confirm it is bound to the session and consider
    # a constant-time comparison.
    confirmed = request.method == 'POST' and request.form['csrf_token'] == csrf_token
    if not confirmed or has_items:
        return render('users/delete_profile.html', brands=brands,
                      csrf_token=csrf_token)

    # Delete the picture file if it is present on disk.
    # NOTE(review): the path is BASE_DIR joined with the stored picture value;
    # presumably that value is always server-generated -- verify, since a
    # user-influenced value would decide which file gets unlinked.
    picture_path = ''.join([BASE_DIR, user.picture])
    if os.path.isfile(picture_path):
        os.unlink(picture_path)

    # Remove the database record, then the login state.
    remove_user(uid)
    del session['uid']
    if 'provider' in session:
        del session['provider']

    flash('Profile "%s" was removed' % name, 'success')
    return redirect('/', 302)
def user_view():
    """Render ``user_view.html`` for the user named by the ``id`` query parameter.

    Visitors without a ``user`` entry in the session are redirected to ``/``.
    Missing fields fall back to the defaults given below.
    """
    if session.get('user') is None:
        return redirect('/')
    # NOTE(review): the session check only proves that someone is logged in;
    # any logged-in user can request any id. Confirm that is intended.
    user = models.get_user_by_id(request.args.get('id', 0))
    context = {
        'id': user.get('id', ''),
        'username': user.get('name', ''),
        'department': user.get('department', '2'),
        'hobby': user.get('hobby', ['basketball', 'pingpong']),
        'sex': user.get('sex', '1'),
    }
    return render_template('user_view.html', **context)
def user_view():
    """Render ``user_view.html`` for the user named by the ``id`` query parameter.

    Visitors without a ``user`` entry in the session are redirected to ``/``.
    Every field handed to the template falls back to an empty string.
    """
    if session.get('user') is None:
        return redirect('/')
    # NOTE(review): the session check only proves that someone is logged in;
    # any logged-in user can request any id (including its email and detail
    # fields). Confirm that is intended.
    user = models.get_user_by_id(request.args.get('id', 0))
    context = {
        'username': user.get('name', ''),
        'age': user.get('age', ''),
        'id': user.get('id', ''),
        'department': user.get('department', ''),
        'email': user.get('email', ''),
        'hobby': user.get('hobby', ''),
        'detail': user.get('detail', ''),
    }
    return render_template('user_view.html', **context)
def delete_user(uid):
    """
    Remove a user's profile, allowed only for the account owner

    :param uid: id of the profile to remove
    :return string: JSON with status 200, or 403 when the caller is not the owner
    """
    target = get_user_by_id(uid)
    # NOTE(review): presumably get_user_by_id may return a falsy value for an
    # unknown uid, which would raise AttributeError on ``.id`` -- verify.
    # Only the authenticated user (g.user) may remove their own profile.
    if target.id != g.user.id:
        return jsonify({'error': 'permission denied'}), 403
    remove_user(uid)
    return jsonify({'message': 'account was removed'}), 200
def edit_profile(uid):
    """
    Edit a user's data, allowed only for the account owner

    :param uid: id of the profile to edit
    :return string: JSON message, or JSON error (403 when the caller is not the owner)
    """
    # Only the authenticated user (g.user) may edit their own profile.
    owner = get_user_by_id(uid)
    if owner.id != g.user.id:
        return jsonify({'error': 'permission denied'}), 403

    # Collect the cleaned values from the JSON body.
    user = {'uid': uid}
    for field in ('username', 'first_name', 'last_name', 'email'):
        user[field] = clean(request.json.get(field))

    # Every field is mandatory; the first empty one is reported.
    required = (
        ('username', 'username can\'t be empty'),
        ('first_name', 'first name can\'t be empty'),
        ('last_name', 'last name can\'t be empty'),
        ('email', 'email can\'t be empty'),
    )
    for field, message in required:
        if not user[field]:
            return jsonify({'error': message})

    # A changed email must not collide with one that is already registered.
    if owner.email != user['email'] and email_exist(user['email']):
        return jsonify({'error': 'email already registered'})

    update_user(user)
    # Reload so g.user reflects the stored values.
    g.user = get_user_by_id(uid)
    return jsonify({'message': 'User %s was update!' % g.user.get_full_name})
def edit_car(item_id):
    """
    Edit an item, allowed only for its author

    :param item_id: id of the item to edit
    :return mix:
    """
    user = get_user_by_id(session['uid'])
    car = get_item_by_id(item_id)

    # Only the author of the item may edit it.
    if int(session['uid']) != int(car.author):
        flash('You don\'t have permission to edit it.', 'error')
        return redirect('/profile', 302)

    token = user.generate_auth_token(3600)

    # NOTE(review): csrf_token is a name from outside this function and is
    # compared with ``==`` -- confirm it is bound to the session and consider
    # a constant-time comparison.
    submitted = request.method == 'POST' and request.form['csrf_token'] == csrf_token
    if not submitted:
        return render('catalog/edit_car.html', brands=brands,
                      car=car.serialize, token=token, user=user.serialize,
                      csrf_token=csrf_token)

    _car = dict()
    try:
        # Clean every submitted field; the author always comes from the
        # session, never from the form.
        for field in ('description', 'title', 'model', 'price', 'brand'):
            _car[field] = clean(request.form[field])
        _car['author'] = session['uid']
    except TypeError:
        flash('fields can\'t be empty', 'error')
        return render('catalog/new_car.html', brands=brands, csrf=csrf_token)

    item = update_item(_car, item_id)
    flash('Record "%s" was successfully updated' % item.title, 'success')
    return redirect('/profile', 302)
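def user_profile():
    """
    Profile page of the logged-in user, listing the user's items

    :return: rendered ``/users/profile.html``
    """
    # NOTE(review): session['uid'] is read without a login check in this
    # body -- presumably a decorator guarantees it is set; verify.
    user = get_user_by_id(session['uid'])
    title = '%s - profile' % user.get_full_name
    cars = [item.serialize for item in get_items_by_user(session['uid'])]
    # The item list is deliberately not printed: debug output of user data
    # would end up in server stdout/logs on every page view.
    return render('/users/profile.html', brands=brands, title=title,
                  cars=cars, user=user.serialize)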
def edit_user_profile():
    """
    Edit the profile of the logged-in user

    GET (or a POST whose CSRF token does not match) renders the edit form;
    a valid POST stores the cleaned values and redirects to ``/profile``.

    :return mix:
    """
    # Anonymous visitors are sent to the login page.
    if not session.get('uid'):
        return redirect('/login', 302)

    user = get_user_by_id(session['uid'])

    # NOTE(review): csrf_token is a name from outside this function and is
    # compared with ``==`` -- confirm it is bound to the session and consider
    # a constant-time comparison.
    submitted = request.method == 'POST' and request.form['csrf_token'] == csrf_token
    if not submitted:
        return render('users/edit_profile.html', brands=brands,
                      token=user.generate_auth_token(3600), user=user,
                      csrf_token=csrf_token)

    try:
        # The uid always comes from the session, never from the form.
        _user = dict()
        _user['uid'] = int(session['uid'])
        for field in ('username', 'first_name', 'last_name', 'email'):
            _user[field] = clean(request.form[field])
    except TypeError:
        flash('Fields can\'t be empty', 'error')
        return redirect('/profile', 302)

    if not email_is_valid(_user['email']):
        flash('Invalid email', 'error')
        return render('users/edit_profile.html', brands=brands, user=user,
                      csrf_token=csrf_token)

    user = update_user(_user)
    full_name = ' '.join([user.first_name, user.last_name])
    message = 'Dear %s, your information was updating' % full_name
    flash(message, 'success')
    return redirect('/profile', 302)
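def add_item_images(uid, item_id):
    """
    Save the images uploaded for an item

    :param uid: id of the account the upload is made for
    :param item_id: id of the item the images belong to
    :return string: JSON list of stored images, or a JSON error
    """
    images = list()

    # Both ids must be integers. The tuple form is required: the expression
    # ``ValueError or TypeError`` evaluates to ValueError alone and would let
    # a TypeError escape.
    try:
        uid = int(uid)
        item_id = int(item_id)
    except (ValueError, TypeError):
        return jsonify({'error': "wrong address"})

    # Only the authenticated user (g.user) may upload for their own account.
    user_profile = get_user_by_id(uid)
    if user_profile.id != g.user.id:
        return jsonify({'error': 'permission denied'}), 403
    # NOTE(review): nothing visible here checks that item_id belongs to this
    # user -- confirm add_images (or its caller) enforces item ownership.

    upload_images = request.files.getlist('file')

    # An identity test against a fresh ``[]`` is never true, so emptiness is
    # tested by truthiness.
    if not upload_images:
        return jsonify({'error': "server didn't get any images"}), 206
    if len(upload_images) > 10:
        return jsonify({'error': "too many images, maximum 10"}), 206

    # NOTE(review): files are stored without an extension allow-list check,
    # whereas edit_photo on this page applies allowed_file(); if both live in
    # the same module, apply the same check here.
    for image in upload_images:
        # Relative path (stored in the database) built from a sanitized name.
        filename = get_path(filename=secure_filename(image.filename),
                            folder=app.config['UPLOAD_FOLDER'])
        abs_path = '%s%s' % (BASE_DIR, filename)
        image.save(abs_path)
        images.append(filename)

    item_images = [item.serialize for item in add_images(images, item_id)]
    return jsonify(item_images), 200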
def update_session(user):
    """Store the login state for *user* in the session.

    Sets ``logged_in``, ``username`` (the email), ``first_name`` and
    ``userid``, reloads the user through ``models.get_user_by_id`` and records
    the customer and chef ids linked to it, or ``None`` when absent.
    """
    session['logged_in'] = True
    session['username'] = user.email
    session['first_name'] = user.fname
    session['userid'] = user.userid

    # Reload the user from storage and keep the id from the reloaded record.
    user = models.get_user_by_id(session['userid'])
    session['userid'] = user.userid

    customer = models.get_customer_by_user(user)
    chef_profile = models.get_chef_by_user(user)
    session['custid'] = customer.customerid if customer else None
    session['chefid'] = chef_profile.chefid if chef_profile else None
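def edit_photo(uid):
    """
    Update a user's photo (avatar), allowed only for the account owner

    :param uid: id of the account whose photo is replaced
    :return string: JSON with the updated user, or a JSON error
    """
    # Only the authenticated user (g.user) may change their own photo.
    user_profile = get_user_by_id(uid)
    if user_profile.id != g.user.id:
        return jsonify({'error': 'permission denied'}), 403

    # The request must carry a file part.
    if 'file' not in request.files:
        return jsonify({'error': "Server don't get image"}), 206

    photo = request.files['file']

    # When no file is selected the browser still submits an empty part
    # without a filename.
    if photo.filename == '':
        return jsonify({'error': 'No selected file'}), 200

    # NOTE(review): allowed_file() sees only the file name; presumably it is
    # an extension check, so the content itself is not inspected -- verify.
    if photo and allowed_file(photo.filename, ALLOWED_EXTENSIONS):
        # Relative path (stored in the database) built from a sanitized name.
        filename = get_path(filename=secure_filename(photo.filename),
                            folder=app.config['UPLOAD_FOLDER'])
        # Absolute path used for writing the file.
        abs_path = '%s%s' % (BASE_DIR, filename)
        photo.save(abs_path)

        user = update_user_photo(filename, g.user.id)
        return jsonify(user.serialize), 200
    else:
        # Must be a dict: ``{'error', "..."}`` is a set literal, which is not
        # JSON serializable and would fail instead of reporting the error.
        return jsonify({'error': "Can't update user photo"}), 200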
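def verify_password(_login, password):
    """
    Verify a login, accepting an auth token or email/username plus password

    On success the authenticated user is stored in ``g.user``.

    :param _login: auth token, email address or username
    :param password: password, checked only when _login is not a valid token
    :return bool:
    """
    # Try to see if it's a token first.
    user_id = User.verify_auth_token(_login)
    if user_id:
        user = get_user_by_id(user_id)
        # A token can outlive its account: without this check a token for a
        # user that no longer exists would authenticate with g.user unset.
        if not user:
            return False
    else:
        # Fall back to email, then username, and check the password.
        user = get_user_by_email(_login) or get_user_by_username(_login)
        if not user or not user.verify_password(password):
            return False
    g.user = user
    return True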
def load_user(user_id):
    """Return whatever ``models.get_user_by_id`` yields for *user_id*."""
    # NOTE(review): looks like a login-manager user loader; if so, confirm
    # get_user_by_id returns None (rather than raising) for an unknown id.
    user = models.get_user_by_id(user_id)
    return user
def users_view():
    """Render ``user_view.html`` for the user named by the ``id`` query parameter.

    Visitors without a ``user`` entry in the session are redirected to ``/``.
    """
    if session.get('user') is None:
        return redirect('/')
    # NOTE(review): the session check only proves that someone is logged in;
    # any logged-in user can request any id. Confirm that is intended.
    user = models.get_user_by_id(request.args.get('id', 0))
    context = {
        'id': user.get('id', ''),
        'username': user.get('name', ''),
        'age': user.get('age', 0),
    }
    return render_template('user_view.html', **context)
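def users_delete():
    """Delete the user named by the ``id`` query parameter, then redirect to ``/users/``."""
    # NOTE(review): unlike users_view on this page, no session check is
    # visible here, and the id comes from the query string, so the deletion
    # appears reachable by a plain GET link -- confirm the route is limited to
    # POST and to authorized users.
    user = models.get_user_by_id(request.args.get('id', 0))
    # An unknown id must not fail with AttributeError on a missing record;
    # there is nothing to delete in that case.
    if user is None:
        return redirect('/users/')
    user_id = user.get('id', '')
    models.user_delete(user_id)
    return redirect('/users/')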
def get_user(uid):
    """Return the username of user *uid* as JSON; abort with 400 when no such user is found."""
    found = get_user_by_id(uid)
    if not found:
        abort(400)
    # Only the username is exposed, not the whole record.
    payload = {'username': found.username}
    return jsonify(payload)
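def account():
    """Show (GET) or update (POST) the account of the logged-in user.

    The form's country and cuisine choices are filled from the models, then
    the user, chef and customer records named by the session are loaded.
    POST validates the form and stores the new values; GET pre-fills the form
    from the stored records. Any other method flashes a failure message.
    All paths render ``account.html``.
    """
    form = forms.AccountForm(request.form)
    form.country.choices = [(c.countryid, c.countryname)
                            for c in models.get_all_countries()]
    form.chefspec.choices = [(c.cuisineid, c.cuisine_name)
                             for c in models.get_all_cuisines()]
    # -1 is the placeholder entry used when no specialty is stored.
    form.chefspec.choices.append((-1, "Pick a Specialty..."))

    # Load the records the session points at.
    user = models.get_user_by_id(session['userid'])
    chef = models.get_chef_by_id(session['chefid'])
    cust = models.get_customer_by_id(session['custid'])

    # Form and request contents are deliberately not printed: on POST they
    # include the submitted password in clear text, which would otherwise be
    # written to server stdout/logs.

    if (request.method == 'POST'):
        # Drop chef-only / customer-only fields so validation can pass for
        # users who do not have that role.
        if (not chef):
            del form.chefspec
        if (not cust):
            del form.custpref

        if (form.validate()):
            fname = form.first_name.data
            lname = form.last_name.data
            email = form.email_id.data
            # NOTE(review): the password is re-hashed on every update;
            # presumably the form requires it, otherwise str(None) would be
            # hashed and stored -- verify. In passlib 1.7+ ``encrypt`` is the
            # deprecated name of ``hash``.
            passwd = sha256_crypt.encrypt(str(form.password.data))
            user_type = form.usertype.data
            aptno = form.apartment_no.data
            street = form.street.data
            city = form.city.data
            state = form.state.data
            zipcode = int(form.zipcode.data) if form.zipcode.data else None
            country = int(form.country.data) if form.country.data else None
            phoneno = int(
                form.phone_number.data) if form.phone_number.data else None
            chefspec = None
            reachouts = None
            custpref = None
            if (chef):
                chefspec = int(form.chefspec.data)
                reachouts = form.reachouts.data
            if (cust):
                custpref = form.custpref.data

            # Store the new values; 0 signals success.
            r = user.update(fname, lname, email, passwd, user_type, aptno,
                            street, city, state, zipcode, country, phoneno,
                            chefspec, reachouts, custpref)
            update_session(user)
            if (r == 0):
                # Written as one literal: a string broken across a line end
                # is not valid Python.
                flash(
                    'User details updated. Visit account page again to see new fields',
                    'success')
            else:
                flash('Update failed, check the submitted data for errors',
                      'danger')
            return render_template('account.html', form=form, chef=chef,
                                   cust=cust)
        else:
            flash('Update failed, check the submitted data for errors',
                  'danger')
            return render_template('account.html', form=form, chef=chef,
                                   cust=cust)
    elif (request.method == 'GET'):
        usertype = ""
        aptno, street, city, state, zipcode, countryid, phoneno = (None, ) * 7
        chefspec = None
        custpref = None
        reachouts = None
        # Address data comes from the chef record when there is one,
        # otherwise from the customer record.
        if (chef and cust):
            usertype = "both"
            aptno = chef.address
            street = chef.street
            city = chef.city
            state = chef.state
            zipcode = chef.zipcode
            countryid = chef.countryid
            phoneno = chef.phone_number
            chefspec = chef.get_specialty()
            reachouts = chef.get_reachouts_str()
            custpref = cust.preference
        elif (chef):
            usertype = "chef"
            aptno = chef.address
            street = chef.street
            city = chef.city
            state = chef.state
            zipcode = chef.zipcode
            countryid = chef.countryid
            phoneno = chef.phone_number
            chefspec = chef.get_specialty()
            reachouts = chef.get_reachouts_str()
        elif (cust):
            usertype = "customer"
            aptno = cust.address
            street = cust.street
            city = cust.city
            state = cust.state
            zipcode = cust.zipcode
            countryid = cust.countryid
            phoneno = cust.phone_number
            custpref = cust.preference

        form.first_name.data = user.fname
        form.last_name.data = user.lname
        form.email_id.data = user.email
        # The stored password hash is never sent back to the form.
        form.password.data = None
        form.usertype.data = usertype
        form.apartment_no.data = aptno
        form.street.data = street
        form.city.data = city
        form.state.data = state
        form.zipcode.data = str(zipcode)
        form.country.data = countryid
        form.phone_number.data = str(phoneno)
        form.chefspec.data = chefspec.cuisineid if chefspec else -1
        form.reachouts.data = reachouts
        form.custpref.data = custpref

        # Hide role-specific fields from users without that role.
        if (not chef):
            del form.chefspec
            del form.reachouts
        if (not cust):
            del form.custpref
        return render_template('account.html', form=form, chef=chef,
                               cust=cust)

    # Neither POST nor GET.
    flash('Update failed', 'danger')
    return render_template('account.html',
                           form=form, chef=chef, cust=cust)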