def deaditor(idnote): if request.method == "POST": if current_user.is_authenticated: if has_access_to_note(idnote, current_user['iduser']): con, conn = connection() con.execute("SELECT * FROM note_view WHERE idnote = %s", escape_string(idnote)) note = con.fetchone() con.execute( "SELECT creator_id FROM note_view WHERE idnote = %s", escape_string(idnote)) creator = con.fetchone() con.close() conn.close() if creator['creator_id'] == current_user['iduser']: try: with open('pytatki/files/' + note['value'], 'wb') as file: file.write(request.data) return jsonify({"data": "Zapisanie powiodło się"}) except Exception as error: flash(error) return jsonify({"data": "Nie udało się zapisać"}) else: return jsonify( {"data": "Tylko właściciel może zapisywać notatkę"}) else: return jsonify({"data": "Nie masz dostępu do notatki"}) else: return jsonify({"data": "Musisz być zalogowany"}) else: if current_user.is_authenticated: if has_access_to_note(idnote, current_user['iduser']): con, conn = connection() con.execute("SELECT * FROM note_view WHERE idnote = %s", escape_string(idnote)) note = con.fetchone() con.execute( "SELECT creator_id FROM note_view WHERE idnote = %s", escape_string(idnote)) creator = con.fetchone() con.close() conn.close() is_author = creator['creator_id'] == current_user['iduser'] if note['note_type'] == "deadnote": with open('pytatki/files/' + note['value'], 'r') as file: data = json.load(file) return render_template("deaditor.html", file=data, is_author=is_author) return redirect("/download/" + idnote) flash("Musisz byc zalogowany", 'warning') return redirect('/app/')
def add(): """Add new file""" if request.method == 'POST': if note_exists(title=request.form['title'], notegroup_id=request.form['notegroup_id']): return jsonify({'data': 'name in use'}), 400 form = request.form if 'file' not in request.files: return jsonify({'data': 'No file part'}) request_file = request.files['file'] if request_file.filename == '': return jsonify({'data': 'Nie wybrano pliku'}) if request_file: if allowed_file(request_file.filename): filename = secure_filename(request_file.filename) else: return jsonify({'data': "File unsecure"}) if not os.path.exists( os.path.join(APP.config['UPLOAD_FOLDER'], form['notegroup_id'], filename)): if not os.path.exists( os.path.join(APP.config['UPLOAD_FOLDER'], form['notegroup_id'])): os.makedirs( os.path.join(APP.config['UPLOAD_FOLDER'], form['notegroup_id'])) request_file.save( os.path.join(APP.config['UPLOAD_FOLDER'], form['notegroup_id'], filename)) else: return jsonify({'data': 'Nieobslugiwane rozszerzenie'}), 501 con, conn = connection() conn.begin() added = create_note(conn, str(os.path.join(form['notegroup_id'], filename)), form['title'], CONFIG['identifiers']['note_type_file_id'], current_user['iduser'], form['notegroup_id'], CONFIG['identifiers']['status_active_id']) conn.commit() con.close() conn.close() if not added: return jsonify({'data': 'failed'}), 500 return jsonify({'data': 'Notatka zostala dodana!'}), 201 else: con, conn = connection() con.execute("SELECT * FROM notegroup_view WHERE iduser = %s", escape_string(str(current_user['iduser']))) topics = con.fetchall() con.close() conn.close() return render_template('add.html', topics=topics)
def insert_removed_status(insert_active_status): c, conn = connection() conn.begin() create_status(conn, 'removed', 'Record is removed') conn.commit() c.close() conn.close()
def get_user(id_user=None, login=None, email=None): """Returns user by given data""" sql = "SELECT * FROM user WHERE {} = %s" user_data = () if id_user: sql = sql.format("iduser") user_data = (escape_string(str(id_user))) elif login: sql = sql.format("login") user_data = (escape_string(login)) elif email: sql = sql.format("email") user_data = (escape_string(email)) con, conn = connection() con.execute(sql, user_data) user_dict = con.fetchone() if not user_dict: return None con.execute("SELECT * FROM user_membership WHERE user_id = %s AND usergroup_id = %s", (escape_string(str(user_dict['iduser'])), escape_string(str(Config['identifiers']['admingroup_id'])))) admin = con.fetchone() user = User(is_admin=bool(admin)) user.update(user_dict) con.close() conn.close() gc.collect() return user
def post_note(title="xxd", type_name="text", value="xd", id_notegroup=1, id_user=1): """Post a note to database""" if not has_access_to_notegroup(id_notegroup, id_user): return "Access denied" if type_name == "file": return "File type is not supported via GraphQL" con, conn = connection() con.execute( "SELECT idnote FROM note WHERE title = %s AND notegroup_id = %s", (escape_string(title), escape_string(str(id_notegroup)))) used_name = con.fetchone() if used_name: con.close() conn.close() return "Cannot add note: used title" conn.begin() con.execute( "INSERT INTO note (value, title, note_type_id, user_id, notegroup_id) VALUES (%s, %s, %s, %s, %s)", (escape_string(value), escape_string(title), escape_string(str(type_id(type_name))), escape_string( str(id_user)), escape_string(str(id_notegroup)))) note_id = con.lastrowid con.execute( "INSERT INTO action (content, user_id, note_id) VALUES (\"Create\", %s, %s)", (escape_string(str(id_user)), escape_string(str(note_id)))) conn.commit() con.execute("SELECT * FROM note_view WHERE idnote = %s", escape_string(str(note_id))) note = con.fetchone() return note
def test_create_action(insert_user): _, conn = connection() _.execute("SELECT * FROM action WHERE content=\"create note Test\"") exists = _.fetchone() conn.close() if not exists: raise AssertionError()
def find_notegroup_children(id_notegroup, id_user): """Generate dict with recurent children of usergroup""" if id_notegroup == 0 or not int(id_notegroup) or id_user == 0 or not int( id_user): return "ID must be a valid positive integer" children = [] if has_access_to_notegroup(id_notegroup, id_user): con, conn = connection() con.execute( "SELECT idnotegroup, folder_name FROM notegroup_view WHERE iduser = %s AND parent_id = %s", (escape_string(str(id_user)), escape_string(str(id_notegroup)))) usergroups = con.fetchall() con.execute( "SELECT idnote, value, note_type, creator_login, notegroup_id, notegroup_name, title AS 'name' FROM " "note_view WHERE notegroup_id = %s AND status_id = 1", escape_string(str(id_notegroup))) notes = con.fetchall() con.close() conn.close() if usergroups: for usergroup in usergroups: children.append(usergroup) if notes: for note in notes: children.append(note) return json.dumps(children, ensure_ascii=False)
def insert_active_status(create_db): _, conn = connection() conn.begin() create_status(conn, 'active', 'Record is active') conn.commit() _.close() conn.close()
def take_admin(identifier): """take admin""" if int(identifier) != int(CONFIG['identifiers']['admin_id']): con, conn = connection() query = con.execute("SELECT iduser, login FROM user WHERE iduser = %s", escape_string(identifier)) user = con.fetchone() if current_user.is_admin and query: try: con.execute( "DELETE FROM user_membership WHERE user_id = %s AND usergroup_id = %s", (escape_string(identifier), escape_string(int( CONFIG['identifiers']['admingroup_id'])))) conn.commit() flash( 'Odebrano uprawnienia administratora uzytkownikowi ' + user['login'], 'success') except Exception as error: flash("Error: " + str(error), 'danger') else: flash("Nie mozesz tego zrobic", 'warning') con.close() conn.close() else: flash("Nie mozesz tego zrobic", 'warning') return redirect( request.args.get('next') if 'next' in request.args else '/')
def test_notegroup_empty(insert_notegroup, insert_usergroup): _, conn = connection() notegroup_id = insert_notegroup(conn, 'test_empty', insert_usergroup) if notegroup_empty(notegroup_id) is not True: raise AssertionError() _.close() conn.close()
def test_remove_note(insert_note): _, conn = connection() remove_note(conn, 1, 1) conn.commit() if note_exists(idnote=1) is not False: raise AssertionError() _.close() conn.close()
def insert_user(insert_active_status): _, conn = connection() conn.begin() user_id = create_user(conn, 'test', 'test', 'test@test', 1) conn.commit() _.close() conn.close() return user_id
def executeSQL(query, *args, **kwargs): con, conn = connection() con.execute(query, *args, **kwargs) result = con.fetchone() con.close() conn.close() gc.collect() return result
def insert_text_note_type(create_db): _, conn = connection() conn.begin() note_type_id = create_note_type(conn, 'text', 'Text') conn.commit() _.close() conn.close() return note_type_id
def insert_test_notegroup(insert_usergroup, insert_user): _, conn = connection() conn.begin() notegroup_id = create_notegroup(conn, 'test', insert_usergroup) conn.commit() _.close() conn.close() return notegroup_id
def _insert(*args, **kwargs): _, conn = connection() conn.begin() notegroup_id = create_notegroup(*args, **kwargs) conn.commit() _.close() conn.close() return notegroup_id
def join_group(group): group = ts.loads(group, salt=APP.secret_key, max_age=86400) con, conn = connection() conn.begin() add_user_to_usergroup(conn, current_user['iduser'], group) conn.commit() con.close() conn.close() return redirect('/app/')
def insert_usergroup(insert_user): _, conn = connection() conn.begin() usergroup_id = create_usergroup(conn, 'test', 'test') add_user_to_usergroup(conn, insert_user, usergroup_id) conn.commit() _.close() conn.close() return usergroup_id
def api_create_usergroup(name, description, iduser): con, conn = connection() conn.begin() idusergroup = create_usergroup(conn, name, description) add_user_to_usergroup(conn, iduser, idusergroup) create_notegroup(conn, "root{}".format(name), idusergroup) conn.commit() con.close() conn.close() return json.dumps({'data': idusergroup})
def insert_note(insert_user, insert_text_note_type, insert_test_notegroup): """Insert new note""" con, conn = connection() conn.begin() note_id = create_note( conn, 'test', 'Test', insert_text_note_type, insert_user, insert_test_notegroup, 1) conn.commit() con.close() conn.close() return note_id
def api_create_notegroup(name, idusergroup, parent_id, id_user): con, conn = connection() conn.begin() idnotegroup = create_notegroup(conn, name, idusergroup, parent_id=parent_id) conn.commit() con.close() conn.close() return json.dumps({'data': idnotegroup})
def update_password(): if current_user.check_password(request.form['password']): con, conn = connection() password = sha256_crypt.encrypt((str(request.form['new-password']))) con.execute("UPDATE user SET password = %s WHERE iduser = %s", (escape_string(password), escape_string(str(current_user['iduser'])))) conn.commit() con.close() conn.close() return redirect( request.args.get('next') if 'next' in request.args else '/')
def delete_notegroup(identifier): if has_access_to_notegroup(identifier, current_user['iduser']): if notegroup_empty(identifier): con, conn = connection() conn.begin() remove_notegroup(conn, identifier) conn.commit() con.close() conn.close() return jsonify({'data': 'success'}) return jsonify({'data': 'notegroup not empty'}) return jsonify({"data": 'access denied'}), 403
def db_init(host=None, user=None, password=None): """Create database from sql/create-database""" host = input("DB host: [127.0.0.1]") if not host else host host = '127.0.0.1' if host == '' else host user = input("DB user: [root] ") if not user else user user = '******' if user == '' else user password = input("DB root password: "******"Connecting...") conn = connect(host=host, user=user, password=password) print("Connection OK") print("Setting up database...") create_database = parse_sql('sql/create-database.sql') conn.begin() for query in create_database: conn.cursor().execute(query) conn.commit() conn.close() con, conn = connection(host='127.0.0.1', user='******', password='******', db='pytatki') conn.begin() admin_group_id = create_usergroup(conn, 'admins', 'Group of admins') active_id = create_status(conn, 'active', 'Record is active') removed_id = create_status(conn, 'removed', 'Record is removed') file_id = create_note_type( conn, "file", "A file in format of txt, pdf, png, jpg, jpeg, gif, doc, docx, ppt, pptx, xslx, xsl, odt, rtf, cpp" ) text_id = create_note_type(conn, "text", "Just plain non-formated text") url_id = create_note_type(conn, "url", "An URL link to another resource") deadnote_id = create_note_type(conn, "deadnote", "Note made with Pytatki") username = input("Insert your admin login: [admin]") username = '******' if username == '' else username email = input("Insert your admin email: ") password = input("Insert your admin password: "******"INSERT INTO user_membership (user_id, usergroup_id) VALUES (%s, %s)", (escape_string(str(admin_id)), escape_string(str(admin_group_id)))) conn.commit() con.close() conn.close() save_to_config({ 'admingroup_id': admin_group_id, 'admin_id': admin_id, 'active_id': active_id, 'removed_id': removed_id, 'file_id': file_id, 'text_id': text_id, 'url_id': url_id, 'deadnote_id': deadnote_id })
def get_token_get(): next_url = request.args.get('next') state = request.args.get('state') con, conn = connection() # con.execute("SELECT * FROM app_view WHERE client_id = %s", # escape_string(request.args.get('client_id'))) app = {'idapp': 1, 'name': 'GraphQL', 'access': 'rw'} con.close() conn.close() return render_template("dialog/auth.html", app=app, next_url=next_url, state=state)
def register_post(): """Function for registration a new user""" # try: if not current_user.is_authenticated: form = request.form con, conn = connection() if 'password' in form and form['password'] == form['confirm'] and len( form['password']) >= 8 and valid_password(form['password']): wrong_password = False else: wrong_password = True accept = form['accept_tos'] if 'accept_tos' in form else None con.execute( "SELECT * FROM user WHERE login = (%s) OR email = %s", (escape_string(form['username']), escape_string(form['email']))) used_username = con.fetchone() if accept != 'checked' or used_username or '@' not in form['email'] \ or wrong_password or valid_username(form['username']): return render_template( 'register.html', form=form, not_accept=bool(accept != 'checked'), used_username=used_username, wrong_email=bool('@' not in form['email']), wrong_password=wrong_password, wrong_username=bool(' ' in form['username']), upper=bool(not form['username'] == form['username'].lower()), ) con.execute("SELECT idstatus FROM status WHERE name = \"active\"") active = con.fetchone() con.execute( "INSERT INTO user (login, password, email, status_id) VALUES " "(%s, %s, %s, %s)", (escape_string(form['username']), sha256_crypt.encrypt(escape_string( form['password'])), escape_string( form['email']), escape_string(str(active['idstatus'])))) conn.commit() flash("Zarejestrowano pomyslnie!", 'success') con.close() conn.close() gc.collect() send_confirmation_email(form['email']) return redirect( url_for('login_get', next=request.args.get('next'), username=form['username'])) else: flash("Jestes juz zalogowany!", 'warning') return redirect( request.args.get('next') if 'next' in request.args else '/')
def confirm_email(token): try: email = ts.loads(token, salt=APP.secret_key, max_age=86400) con, conn = connection() con.execute("UPDATE user SET email_confirm = 1 WHERE email = (%s)", escape_string(email)) conn.commit() flash("Adres email zweryfikowany!", 'success') con.close() conn.close() gc.collect() except Exception as error: flash("Blad" + str(error), 'danger') return redirect('/')
def test_remove_notegroup(insert_notegroup, insert_usergroup): _, conn = connection() conn.begin() notegroup_id = insert_notegroup(conn, 'test_remove', insert_usergroup) remove_notegroup(conn, notegroup_id) conn.commit() _.execute("SELECT * FROM notegroup WHERE idnotegroup = %s", pymysql.escape_string(str(notegroup_id))) notegroup = _.fetchone() if notegroup: print(notegroup) raise AssertionError() _.close() conn.close()
def test_create_note(insert_user): con, conn = connection() note = create_note(conn, "test", "Test", 1, 1, 1, 1) conn.commit() if note: print(note) raise AssertionError() note = create_note(conn, "test_create_note", "TestCN", 1, 1, 1, 1) conn.commit() if note is None: print(note) raise AssertionError() con.close() conn.close()
def user_list(): """wyswietla liste uzytkownikow""" if current_user.is_admin: con, conn = connection() con.execute("SELECT * FROM user") users_raw = con.fetchall() con.close() conn.close() users = [] for user_dict in users_raw: user = get_user(id_user=user_dict['iduser']) users.append(user) return render_template('user_list.html', users=users) flash('Nie mozesz tego zrobic!', 'warning') return redirect('/')