def admin_user_page():
    """Render the admin user list, or the homepage with an error for non-admins.

    A user id of 0 is rejected before the admin lookup is made
    (presumably the "not logged in" sentinel; confirm in users.user_id).
    """
    current_user = users.user_id()
    is_admin = current_user != 0 and users.check_if_admin(current_user)
    if not is_admin:
        return default_homepage_with_error("You shouldn't go there ;)")

    all_users = users.get_list_of_users()
    return render_template(
        "adminusers.html",
        users=all_users,
        admin=users.check_if_admin(current_user),
    )
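def admin_appeal_page():
    """List ban appeals (GET) or resolve one and toggle the user's ban (POST).

    Both methods require an administrator. The original only checked the
    admin role on GET, so the state-changing POST branch was guarded by the
    CSRF token alone and any caller holding a valid token could reach
    ban_appeals.solve() and users.ban_unban(). The role check now runs
    before the method dispatch.

    Returns:
        The rendered appeals page, a redirect to /admin/appeals, or the
        homepage with an error message for non-admin callers.
    """
    current_user = users.user_id()
    if current_user == 0 or not users.check_if_admin(current_user):
        return default_homepage_with_error("You shouldn't go there ;)")

    if request.method == "GET":
        appeals = ban_appeals.get_list()
        return render_template(
            "adminappeals.html",
            appeals=appeals,
            admin=users.check_if_admin(current_user),
        )

    if request.method == "POST":
        # NOTE(review): check_csrf() presumably aborts the request on a token
        # mismatch; confirm, since nothing here inspects a return value.
        check_csrf()
        banned_user = request.form.get("banned_user")
        if not banned_user:
            # Missing form field: nothing to resolve, so do not touch the DB.
            return redirect("/admin/appeals")
        ban_appeals.solve(banned_user)
        users.ban_unban(banned_user)
        return redirect("/admin/appeals")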
def new_subsection(title):
    """Insert a new, non-deleted thread subsection when the caller is an admin.

    Returns True after the insert is committed, False when the current user
    fails the admin check.
    """
    caller = users.user_id()
    if users.check_if_admin(caller):
        # The title is passed as a bound parameter, never interpolated into
        # the SQL text.
        insert_stmt = "INSERT INTO thread_subsections (title, deleted) VALUES (:title, False)"
        db.session.execute(insert_stmt, {"title": title})
        db.session.commit()
        return True
    return False
def delete_subsection(id):
    """Soft-delete a subsection by setting its ``deleted`` flag; admins only.

    Returns True when the update is committed, False when the caller has
    user id 0 or fails the admin check.
    """
    caller = users.user_id()
    if caller != 0 and users.check_if_admin(caller):
        # The row is kept and only flagged; the id is a bound parameter.
        update_stmt = "UPDATE thread_subsections SET deleted = True WHERE id=:id"
        db.session.execute(update_stmt, {"id": id})
        db.session.commit()
        return True
    return False
def delete_thread(id):
    """Soft-delete a thread when the caller is an admin or the thread's sender.

    Returns True when the update is committed, False for user id 0 or for a
    caller who is neither an admin nor the sender of the thread.
    """
    caller = users.user_id()
    if caller == 0:
        return False

    # Ownership is only looked up when the admin check fails (short-circuit).
    allowed = users.check_if_admin(caller) or get_sender_id(id) == caller
    if not allowed:
        return False

    update_stmt = "UPDATE message_threads SET deleted = True WHERE id=:id"
    db.session.execute(update_stmt, {"id": id})
    db.session.commit()
    return True
def default_homepage_with_error(error_statement):
    """Render the homepage with ``error_statement`` shown to the viewer.

    A viewer with user id 0 gets the page without an ``admin`` flag. Any
    other viewer is redirected to /banned if banned, otherwise the page is
    rendered with their admin status.
    """
    context = {
        "list_of_threads": threads.get_list_of_threads(),
        "subsections": thread_subsections.get_list_of_subsections(),
        "error_statement": error_statement,
    }

    viewer = users.user_id()
    if viewer != 0:
        if is_user_banned():
            return redirect("/banned")
        context["admin"] = users.check_if_admin(viewer)

    return render_template("index.html", **context)
def delete_subsection():
    """Handle the admin-only POST that soft-deletes a subsection.

    Non-admin callers and GET requests get the homepage with an error. A POST
    from an admin is CSRF-checked and then deletes the subsection named by the
    ``subsection_id`` form field, if one was sent.
    """
    caller = users.user_id()
    authorised = caller != 0 and users.check_if_admin(caller)
    if not authorised or request.method == "GET":
        return default_homepage_with_error("You shouldn't go there ;)")

    if request.method != "POST":
        return None

    check_csrf()
    target = request.form.get("subsection_id")
    if target:
        thread_subsections.delete_subsection(target)
    # Same destination whether or not a subsection id was supplied.
    return redirect("/admin/subsection")
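def ban():
    """Toggle a user's ban state; administrators only, POST only.

    The original called default_homepage_with_error() without ``return`` in
    both guard branches, so the error page was built and discarded and
    execution fell through. A non-admin POST therefore still reached
    users.ban_unban(). Both guards now return their response.

    Returns:
        The homepage with an error for non-admins and for GET requests,
        otherwise a redirect to /admin/users.
    """
    caller = users.user_id()
    if caller == 0 or not users.check_if_admin(caller):
        return default_homepage_with_error("You shouldn't go there ;)")

    if request.method == "GET":
        return default_homepage_with_error("You shouldn't go there ;)")

    if request.method == "POST":
        # NOTE(review): check_csrf() presumably aborts on a token mismatch;
        # confirm, since nothing here inspects a return value.
        check_csrf()
        target_user = request.form.get("user_id")
        if target_user:
            # Only touch the DB when the form actually named a user.
            users.ban_unban(target_user)

    return redirect("/admin/users")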
def subsection():
    """Admin page for subsections: list them (GET) or create one (POST).

    Non-admin callers get the homepage with an error. On POST the request is
    CSRF-checked, and a subsection is created only when ``title`` is present
    and at most 50 characters long. Every POST ends in the same redirect.
    """
    caller = users.user_id()
    if caller == 0 or not users.check_if_admin(caller):
        return default_homepage_with_error("You shouldn't go there ;)")

    method = request.method
    if method == "GET":
        existing = thread_subsections.get_list_of_subsections()
        return render_template("subsection.html", list=existing)

    if method == "POST":
        check_csrf()
        title = request.form.get("title")
        # Empty and over-long titles are silently dropped.
        if title and len(title) <= 50:
            thread_subsections.new_subsection(title)
        return redirect("/admin/subsection")
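def new_admin():
    """Promote an existing user to administrator from the submitted form.

    Two defects in the original are fixed here:

    * ``users.require_admin`` was referenced without parentheses, so the
      admin gate never ran and the handler was guarded by the CSRF check
      alone.
    * The final failure branch built its response without ``return``, so the
      handler returned None instead of the error page.

    Returns:
        A redirect to /admins on success, otherwise the admins_issue.html
        page with a message describing the problem.
    """
    # NOTE(review): assumes require_admin() takes no arguments and aborts the
    # request for non-admins, mirroring users.check_csrf() below; confirm.
    users.require_admin()
    users.check_csrf()

    username = request.form["username"]

    # NOTE(review): this rejects lengths 1 and 20, while the message says
    # 1-20 characters are allowed; confirm which bound is intended.
    if len(username) <= 1 or len(username) >= 20:
        return render_template(
            "admins_issue.html",
            message="Käyttäjätunnuksessa oltava 1-20 merkkiä")

    if not users.username_exists_already(username):
        return render_template("admins_issue.html",
                               message="Käyttäjää ei löydy.")

    if users.check_if_admin(username):
        return render_template("admins_issue.html",
                               message="Kyseinen käyttäjä on jo ylläpitäjä.")

    if users.turn_user_into_admin(username):
        return redirect("/admins")

    return render_template(
        "admins_issue.html",
        message="Käyttäjän muuttaminen ylläpitäjäksi epäonnistui")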
def search():
    """Show the search form (GET) or run a search over users, threads and messages (POST).

    A GET from user id 0 gets the bare form. Banned users are redirected to
    /banned. The CSRF check on POST runs only for a non-zero user id. An
    empty query redirects back to /search.
    """
    viewer = users.user_id()
    method = request.method

    if method == "GET" and viewer == 0:
        return render_template("search.html")

    if is_user_banned():
        return redirect("/banned")

    if method == "GET":
        return render_template("search.html", admin=users.check_if_admin(viewer))

    if method != "POST":
        return None

    if viewer != 0:
        check_csrf()

    query = request.form.get("search_content")
    if not query:
        return redirect("/search")

    # The three lookups run in this order: users, threads, messages.
    return render_template(
        "search.html",
        search_users=users.search(query),
        search_threads=threads.search(query),
        search_messages=messages.search(query),
        search_content=query,
        show_results=True,
    )
def admin():
    """Render the admin landing page, or the homepage with an error for non-admins."""
    if users.check_if_admin(users.user_id()):
        return render_template("admin.html")
    return default_homepage_with_error("You shouldn't go there ;)")