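def changepass():
    """Change the password of the currently logged-in user.

    GET renders the change-password form. POST requires the fields
    ``oldpass``, ``password`` and ``confirmation``; the new password is
    stored (hashed) only after the old password verifies against the stored
    hash for the user identified by ``session["user_id"]``.

    Returns:
        The rendered form on GET, an ``apology`` response on any validation
        failure, or a redirect to "/" after a successful change.
    """
    # User reached route via GET (as by clicking a link or via redirect)
    if request.method != "POST":
        return render_template("changepass.html")

    old_password = request.form.get("oldpass")
    new_password = request.form.get("password")
    confirmation = request.form.get("confirmation")

    # Ensure every field was submitted, in the same order as the form
    if not old_password:
        return apology("must provide old pass")
    if not new_password:
        return apology("must provide new pass")
    if not confirmation:
        return apology("must provide confirmation")

    # Ensure passwords match
    if new_password != confirmation:
        return apology("Password and confirmation don't match")

    # The session may be missing or may reference a user that no longer
    # exists; answer with an apology instead of failing on a None user.
    user_id = session.get("user_id")
    user = None
    if user_id is not None:
        user = User.query.filter_by(id=user_id).first()
    if user is None:
        return apology("user not found")

    # Re-authenticate with the old password before accepting the new one
    if not check_password_hash(user.password, old_password):
        return apology("Old password doesn't match")

    # NOTE(review): no length/strength policy is applied to the new password
    # here, and nothing in this function invalidates other sessions of the
    # same user - confirm whether that is handled elsewhere.
    user.password = generate_password_hash(new_password)
    db.session.commit()

    flash('Password succefully changed')
    return redirect("/")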
def delete_user():
    """Delete the user whose id is given in the ``id`` form field.

    Returns:
        An ``apology`` response when the id is missing or no row was deleted,
        otherwise a redirect to "/users" after flashing a confirmation.
    """
    # NOTE(review): no permission check is visible inside this function, and
    # the target id comes straight from the form - confirm the route is
    # restricted (e.g. by a decorator) to users allowed to delete accounts.
    target_id = request.form.get("id")
    if not target_id:
        return apology("must provide id")

    # Query.delete() reports how many rows matched; the commit is issued
    # before that count is inspected, exactly as in the original flow.
    removed = User.query.filter_by(id=target_id).delete()
    db.session.commit()

    if removed:
        flash('User succesfully deleted')
        return redirect("/users")
    return apology("Could not delete user")
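def updateuser():
    """Add a new user or edit an existing one from the submitted form.

    Required form fields: ``username``, ``email``, ``real_name``, ``role``.
    When ``changePass`` is set, ``password`` and ``confirmation`` are also
    required and must match. If ``user_id`` is present the matching user is
    edited; otherwise a new user is created, which requires a password.

    Returns:
        An ``apology`` response on any validation failure, otherwise a
        redirect to "/users" after flashing a confirmation.
    """
    form = request.form
    username = form.get("username")
    email = form.get("email")
    real_name = form.get("real_name")
    role = form.get("role")

    # Ensure all fields were submitted
    if not username:
        return apology("must provide username")
    if not email:
        return apology("must provide email")
    if not real_name:
        return apology("must provide real name")
    if not role:
        return apology("must provide role")

    # NOTE(review): role is taken from the form as-is and no permission check
    # is visible inside this function - confirm the route is restricted to
    # users allowed to manage accounts and that role is checked against the
    # set of valid roles.

    # pwd stays None unless a password change was requested. The original
    # left it unbound in that case, so adding a user without changePass
    # failed with a NameError instead of the intended apology.
    pwd = None
    if form.get("changePass"):
        password = form.get("password")
        confirmation = form.get("confirmation")
        if not password:
            return apology("must provide password")
        if not confirmation:
            return apology("must provide confirmation")
        if password != confirmation:
            return apology("Password and confirmation don't match")
        pwd = generate_password_hash(password)

    user_id = form.get("user_id")
    if user_id:
        # Editing existing user
        user = User.query.get(user_id)
        if user is None:
            # Unknown id: report it rather than fail on a None user
            return apology("user not found")

        user.username = username
        user.email = email
        user.real_name = real_name
        user.role = role
        if pwd is not None:
            user.password = pwd
        # Single commit so the profile and password changes land together
        db.session.commit()

        flash('User succesfully modified')
        return redirect("/users")

    # Adding new user: a password is mandatory
    if pwd is None:
        return apology("Missing password info")

    # The original passed an undefined name `name` here; real_name is the
    # value collected from the form. Assumes the fourth positional parameter
    # of User is the real name - confirm against the model.
    new_user = User(username, email, pwd, real_name, role)
    db.session.add(new_user)
    db.session.commit()

    flash('User succesfully registered')
    return redirect("/users")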
def login():
    """Log a user in.

    Any existing session data is cleared first, on GET and POST alike. GET
    renders the login form. POST requires ``username`` and ``password``; on
    success the user's id, role and real name are stored in the session.

    Returns:
        The rendered form on GET, an ``apology`` response when a field is
        missing or the credentials do not verify, or a redirect to "/".
    """
    # Forget any user_id so a pre-existing session never carries over
    session.clear()

    # User reached route via GET (as by clicking a link or via redirect)
    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    if not username:
        return apology("must provide username")

    password = request.form.get("password")
    if not password:
        return apology("must provide password")

    # Exactly one account must match the username; the same generic message
    # is used for an unknown user and for a wrong password.
    matches = User.query.filter_by(username=username)
    if matches.count() != 1:
        return apology("invalid username and/or password")

    account = matches[0]
    if not check_password_hash(account.password, password):
        return apology("invalid username and/or password")

    # NOTE(review): no attempt limiting or lockout is visible in this
    # function - confirm it is enforced elsewhere.

    # Remember which user has logged in
    session["user_id"] = account.id
    session["user_role"] = account.role
    session["user_real_name"] = account.real_name

    # Redirect user to home page
    return redirect("/")
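def updateroster():
    """Create a shift, or update an existing one, from the submitted form.

    Required form fields: ``user_id``, ``date``, ``location``,
    ``start_time``, ``end_time`` and ``break`` (the literal string "None"
    means no break). If ``shift_id`` is present that shift is updated;
    otherwise a new shift is added.

    Returns:
        An ``apology`` response on any validation failure, otherwise a
        redirect back to the referring page (or "/" when none was sent).
    """
    form = request.form

    # Ensure every required field was submitted, in the original order
    required = ("user_id", "date", "location", "start_time", "end_time", "break")
    for field in required:
        if not form.get(field):
            return apology("must provide " + field)

    user_id = form.get("user_id")
    date = form.get("date")
    location = form.get("location").lower()
    start_time = form.get("start_time")
    end_time = form.get("end_time")
    sbreak = None if form.get("break") == "None" else form.get("break")

    # NOTE(review): user_id and shift_id come from the form and no permission
    # check is visible inside this function - confirm the route is restricted
    # to users allowed to edit the roster.

    shift_id = form.get("shift_id")
    if shift_id:
        shift = Shift.query.get(shift_id)
        if shift is None:
            # Unknown id: report it rather than fail on a None shift
            return apology("shift not found")

        # A malformed date is a client error, not a server failure
        try:
            shift_date = datetime.strptime(date, "%Y-%m-%d")
        except ValueError:
            return apology("invalid date")

        shift.user_id = user_id
        shift.date = shift_date
        shift.location = location
        shift.start_time = start_time
        shift.end_time = end_time
        shift.sbreak = sbreak
    else:
        # NOTE(review): the raw date string is passed here, unlike the update
        # path which parses it - presumably the Shift constructor converts
        # it; verify against the model.
        new_shift = Shift(date, start_time, end_time, location, user_id, sbreak)
        db.session.add(new_shift)

    db.session.commit()

    # request.referrer comes from the client-supplied Referer header and may
    # be absent; fall back to the home page instead of redirecting to None.
    # NOTE(review): the header is not checked to be same-site - consider
    # redirecting to a fixed route instead.
    return redirect(request.referrer or "/")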