def favorite_houses():
    """Render the signed-in user's list of favourite houses.

    Responds with 401 when ``authenticated(session)`` is false. Otherwise the
    favourites are looked up with ``session['user']['id']`` and passed to the
    ``houses/all_houses.html`` template.
    """
    if authenticated(session):
        db_conn = connection()
        favourites = User.favorite_houses(db_conn, session['user']['id'])
        return render_template(
            "houses/all_houses.html",
            title="Tu lista de favoritos",
            houses=favourites,
        )
    abort(401)
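def add_like():
    """Toggle a user's "like" on a house and return the updated counters.

    Expects a JSON object carrying ``id_user`` and ``id_house``. Responds with
    404 when either value is missing or empty, when the user or the house is
    not found, or when the house was already sold. An existing like is
    removed; otherwise any existing dislike is removed and a like is added.

    Returns:
        A JSON response with the keys ``likes``, ``dislikes`` and ``stars``.
    """
    data = request.get_json()
    # A body that is not a JSON object, or that lacks one of the keys, used to
    # raise TypeError/KeyError (HTTP 500). Treat it like an empty value.
    if not isinstance(data, dict):
        abort(404)
    id_user = data.get('id_user')
    id_house = data.get('id_house')
    if id_user is None or id_user == "":
        abort(404)
    if id_house is None or id_house == "":
        abort(404)

    # NOTE(review): id_user is taken from the request body and this view never
    # consults the session. Unless a decorator or before-request hook outside
    # this function enforces it, a caller can record likes in another user's
    # name. Confirm, and prefer the session's user id as the acting user.
    conn = connection()

    # Verify that the user and the house exist and the house is still open.
    if not User.find_by_id(conn, id_user):
        abort(404)
    if not House.find_by_id(conn, id_house):
        abort(404)
    if House.was_sold(conn, id_house):
        abort(404)

    if House.verify_like(conn, id_user, id_house):
        # The user liked the house before: the request undoes the like.
        House.remove_like(conn, id_user, id_house)
    else:
        # A previous dislike is replaced by the new like.
        if House.verify_dislike(conn, id_user, id_house):
            House.remove_dislike(conn, id_user, id_house)
        House.add_like(conn, id_user, id_house)

    stars = update_stars(conn, id_house)
    return jsonify({
        "likes": House.likes(conn, id_house),
        "dislikes": House.dislikes(conn, id_house),
        "stars": stars,
    })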
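def create():
    """Create a task in a folder the signed-in user may open.

    Reads ``id_folder`` and ``task_name`` from the submitted form. Every
    outcome is reported with ``flash`` and the client is redirected to
    ``request.referrer``. Responds with 403 when the session is not
    authenticated.
    """
    if not authenticated(session):
        abort(403)

    raw_id_folder = request.form.get("id_folder")
    task_name = request.form.get("task_name")

    # Validate before converting: int() on a missing or non-numeric value used
    # to raise (HTTP 500) before the emptiness check could ever run.
    if raw_id_folder is None or raw_id_folder == "":
        flash("The folder must have an id!", category="error")
        return redirect(request.referrer)
    try:
        id_folder = int(raw_id_folder)
    except ValueError:
        flash("The folder must have an id!", category="error")
        return redirect(request.referrer)

    if task_name is None or task_name == "":
        flash("The task must have a name!", category="error")
        return redirect(request.referrer)

    conn = connection()
    # The folder id is client-supplied, so it is checked against the session
    # user before anything is written.
    if not User.has_permision_to_open_folder(conn, session['user']['id'], id_folder):
        flash("You can't access that folder!", category="error")
        return redirect(request.referrer)

    if Task.exists(conn, id_folder, task_name):
        flash("The task already exists!", category="error")
        return redirect(request.referrer)

    try:
        Task.create(conn, id_folder, task_name)
    except Exception:
        # Best-effort: report the failure instead of returning a 500 page.
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
        flash("There was an error adding your task", category="error")
    else:
        flash("One task has been added!", category="success")
    return redirect(request.referrer)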
def search():
    """Search graduate records by a free-text term and render the results.

    The query only runs when the submitted ``SearchForm`` validates; otherwise
    the template is rendered with an empty result list.
    """
    form = SearchForm()
    records = []
    if form.validate_on_submit():
        term = form.term.data.strip()
        # The term reaches the database as a bound parameter, never through
        # string interpolation into the SQL text. Any "%" or "_" typed by the
        # user still acts as a LIKE wildcard.
        like_pattern = '%{}%'.format(term)
        query = (
            " SELECT g.status, g.id, gr.name, gr.grade, gr.institution, gr.created "
            "FROM graduate_record gr "
            "RIGHT JOIN graduate g ON g.id = gr.graduate_id "
            "WHERE g.id ILIKE %s OR gr.name ILIKE %s "
            "OR gr.grade ILIKE %s OR gr.institution ILIKE %s "
            "ORDER BY gr.created; "
        )
        cursor = db.connection().cursor()
        cursor.execute(query, [like_pattern] * 4)
        records = cursor.fetchall()
    return render_template('sunedu/search.html', form=form, records=records)
def search():
    """Search doctors by a free-text term and render the results.

    The query only runs when the submitted ``SearchForm`` validates; otherwise
    the template is rendered with an empty result list.
    """
    form = SearchForm()
    doctors = []
    if form.validate_on_submit():
        term = form.term.data.strip()
        # The term is passed as a bound parameter, so it cannot alter the SQL
        # text. "%" and "_" inside the term keep their LIKE wildcard meaning.
        like_pattern = '%{}%'.format(term)
        query = (
            " SELECT d.id, d.name, d.surname, d.state, d.email, d.region, "
            "d.status, d.created "
            "FROM doctor d "
            "WHERE d.id ILIKE %s OR d.name ILIKE %s OR d.surname ILIKE %s "
            "OR d.state ILIKE %s OR d.email ILIKE %s OR d.region ILIKE %s "
            "ORDER BY d.id; "
        )
        cursor = db.connection().cursor()
        cursor.execute(query, [like_pattern] * 6)
        doctors = cursor.fetchall()
    return render_template('cmp/search.html', form=form, doctors=doctors)
def main_menu():
    """Render the main menu with the signed-in user's folders.

    Responds with 403 when ``authenticated(session)`` is false.
    """
    if authenticated(session):
        db_conn = connection()
        user_folders = Folder.find_by_id_user(db_conn, session['user']['id'])
        return render_template("user/menu.html", folders=user_folders)
    abort(403)
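def update():
    """Rename a task that belongs to the signed-in user.

    Reads ``id_task``, ``id_folder`` and ``task_name`` from the submitted
    form. Every outcome is reported with ``flash`` and the client is
    redirected to ``request.referrer``. Responds with 403 when the session is
    not authenticated.
    """
    if not authenticated(session):
        abort(403)

    raw_id_task = request.form.get("id_task")
    raw_id_folder = request.form.get("id_folder")
    task_name = request.form.get("task_name")

    # Validate before converting: int() on a missing or non-numeric value used
    # to raise (HTTP 500) before the emptiness checks could ever run.
    if raw_id_task is None or raw_id_task == "":
        flash("The task must have an id!", category="error")
        return redirect(request.referrer)
    try:
        id_task = int(raw_id_task)
    except ValueError:
        flash("The task must have an id!", category="error")
        return redirect(request.referrer)

    if raw_id_folder is None or raw_id_folder == "":
        flash("The folder must have an id!", category="error")
        return redirect(request.referrer)
    try:
        id_folder = int(raw_id_folder)
    except ValueError:
        flash("The folder must have an id!", category="error")
        return redirect(request.referrer)

    if task_name is None or task_name == "":
        flash("The task must have a name!", category="error")
        return redirect(request.referrer)

    conn = connection()

    # id_task is client-supplied. Without this check any signed-in user could
    # rename another user's task by guessing its id. Task.belongs_to_user is
    # the helper the task delete view uses for the same purpose.
    if not Task.belongs_to_user(conn, id_task, session['user']['id']):
        flash("You can't access that task!", category="error")
        return redirect(request.referrer)

    if Task.exists(conn, id_folder, task_name):
        flash("The task already exists!", category="error")
    else:
        try:
            Task.update(conn, id_task, task_name)
        except Exception:
            # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
            flash("There was an error editing your task", category="error")
        else:
            flash("The task was updated!", category="success")
    return redirect(request.referrer)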
def search():
    """Search legal-representative records by a free-text term.

    The query only runs when the submitted ``SearchForm`` validates; otherwise
    the template is rendered with an empty result list.
    """
    form = SearchForm()
    records = []
    if form.validate_on_submit():
        term = form.term.data.strip()
        # The term is passed as a bound parameter, so it cannot alter the SQL
        # text. "%" and "_" inside the term keep their LIKE wildcard meaning.
        like_pattern = '%{}%'.format(term)
        query = (
            " SELECT rl.status, rl.ruc, rl.dni, "
            "CASE WHEN rl.provider IS NULL THEN '---' ELSE rl.provider END AS provider, "
            "(CASE WHEN rl.status = 0 OR rl.status = 2 OR rl.status = 3 THEN '---' "
            "ELSE CAST(COUNT(tpl.rrll_id) as VARCHAR) END) AS nu_lineas, "
            "rl.created "
            "FROM rrll rl "
            "LEFT JOIN telephone_line tpl ON rl.id = tpl.rrll_id "
            "WHERE rl.ruc ILIKE %s OR rl.dni ILIKE %s OR rl.provider ILIKE %s "
            "OR tpl.modality ILIKE %s OR tpl.telephone ILIKE %s "
            "GROUP BY rl.status, rl.ruc, rl.dni, rl.provider, rl.created; "
        )
        cursor = db.connection().cursor()
        cursor.execute(query, [like_pattern] * 5)
        records = cursor.fetchall()
    return render_template('osiptel/search.html', form=form, records=records)
def create():
    """Create a user from the submitted form, then redirect to ``user_index``.

    Responds with 401 when ``authenticated(session)`` is false.
    """
    if not authenticated(session):
        abort(401)
    db_conn = connection()
    # NOTE(review): the whole request.form is handed to User.create. Which
    # keys it persists is not visible from here. If it copies every key, a
    # client could set fields the form never exposes; confirm an allow-list.
    submitted = request.form
    User.create(db_conn, submitted)
    target = url_for("user_index")
    return redirect(target)
def is_owner(id_house):
    """Tell whether the signed-in user owns the given house.

    Responds with 401 when ``authenticated(session)`` is false.

    Args:
        id_house: Identifier passed through to ``User.is_owner``.

    Returns:
        ``True`` when ``User.is_owner`` reports a truthy result, else ``False``.
    """
    if not authenticated(session):
        abort(401)
    db_conn = connection()
    owner_check = User.is_owner(db_conn, session['user']['id'], id_house)
    return True if owner_check else False
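def login():
    """Authenticate a user by e-mail and bcrypt-hashed password.

    Reads ``email`` and ``password`` from the submitted form. Every outcome is
    reported with ``flash`` and the client is redirected to
    ``request.referrer``. On success the user record, minus its password
    hash, is stored under ``session["user"]``.
    """
    email = request.form.get("email")
    password = request.form.get("password")

    if email is None or email == "":
        flash("Faltó ingresar el correo electrónico", category="error")
        return redirect(request.referrer)
    if password is None or password == "":
        flash("Faltó ingresar la contraseña", category="error")
        return redirect(request.referrer)

    try:
        validate_email(email)
    except EmailNotValidError:
        flash("El correo electrónico no es válido", category="error")
        return redirect(request.referrer)

    conn = connection()
    user = User.find_by_email(conn, email)
    if not user:
        # NOTE(review): this message differs from the wrong-password one
        # below, so the response tells a caller whether an address is
        # registered.
        flash("El correo no pertenece a ningún usuario", category="error")
        return redirect(request.referrer)

    if not bcrypt.checkpw(password.encode('utf8'), user["password"].encode('utf8')):
        flash("Usuario o contraseña inválido", category="error")
        return redirect(request.referrer)

    flash("Sesión iniciada!", category="success")
    # Keep the bcrypt hash out of the session. It is not needed after the
    # check above, and a session store or a client-side session cookie should
    # not carry it. Assumes the record is mapping-like (it is indexed by key
    # above).
    session_user = dict(user)
    session_user.pop("password", None)
    session["user"] = session_user
    return redirect(request.referrer)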
def index():
    """Render the user index with the result of ``User.all``.

    Responds with 401 when ``authenticated(session)`` is false.
    """
    if not authenticated(session):
        abort(401)
    # NOTE(review): only authentication is checked in this view; no role or
    # permission check is visible before the user list is returned.
    all_users = User.all(connection())
    return render_template("user/index.html", users=all_users)
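def create():
    """Register a new user from the submitted form and sign them in.

    Validates that every required field is filled in, that both passwords
    match, that the e-mail is well formed and that it is not already in use.
    Each problem is reported with ``flash``. On success the user is created
    with a bcrypt-hashed password, stored in the session without that hash,
    and redirected to ``index``; otherwise the client is redirected to
    ``request.referrer``.
    """
    # Built once instead of on every loop iteration.
    field_labels = {
        "email": "Correo electrónico",
        "first_name": "Nombre",
        "last_name": "Apellido",
        "phone_number": "Teléfono",
        "password1": "Contraseña",
        "password2": "Repita la contraseña",
    }
    required_fields = ["email", "first_name", "last_name", "phone_number",
                       "password1", "password2"]
    params = request.form
    errors = False

    for key in required_fields:
        if params[key] == "":
            flash("Falta el campo '" + field_labels[key] + "'", category="error")
            errors = True

    if params["password1"] != params["password2"]:
        flash("Las contraseñas no coinciden", category="error")
        errors = True

    conn = None
    try:
        validate_email(params["email"])
    except EmailNotValidError:
        flash("El correo electrónico no es válido", category="error")
        errors = True
    else:
        conn = connection()
        if User.find_by_email(conn, params["email"]):
            flash("Ya existe un usuario con ese correo", category="error")
            errors = True

    if errors:
        return redirect(request.referrer)

    user_dic = {
        "email": params["email"],
        "first_name": params["first_name"],
        "last_name": params["last_name"],
        "phone_number": params["phone_number"],
        "password": bcrypt.hashpw(params["password1"].encode('utf8'), bcrypt.gensalt()),
    }
    User.create(conn, user_dic)
    user = User.find_by_email(conn, user_dic["email"])

    # Keep the bcrypt hash out of the session: nothing needs it after
    # registration, and a session store or client-side session cookie should
    # not carry it. Assumes the record is mapping-like.
    session_user = dict(user)
    session_user.pop("password", None)
    session["user"] = session_user

    flash("Usuario creado", category="success")
    return redirect(url_for("index"))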
def authenticate():
    """Sign a user in from the submitted ``email`` and ``password`` fields.

    On a match the user's e-mail is stored under ``session["user"]`` and the
    client is redirected to ``home``; otherwise a message is flashed and the
    client is redirected to ``auth_login``.
    """
    db_conn = connection()
    form_data = request.form
    # NOTE(review): the submitted password is passed as-is to
    # User.find_by_email_and_pass. How it is compared with the stored value
    # (hashing, constant-time comparison) is not visible from this view.
    matched = User.find_by_email_and_pass(
        db_conn, form_data["email"], form_data["password"]
    )
    if matched:
        session["user"] = matched["email"]
        flash("La sesión se inició correctamente.")
        return redirect(url_for("home"))

    flash("Usuario o clave incorrecto.")
    return redirect(url_for("auth_login"))
def buy_house():
    """Buy the house named in the form on behalf of the signed-in user.

    Responds with 401 when ``authenticated(session)`` is false. Every other
    outcome is reported with ``flash`` and the client is redirected to
    ``request.referrer``.
    """
    if not authenticated(session):
        abort(401)

    id_house = request.form.get("id_house")
    if not id_house:
        flash("No hay una casa seleccionada")
        return redirect(request.referrer)

    db_conn = connection()
    # The buyer is always the session user, never a client-supplied id.
    if not House.exist(db_conn, id_house):
        message, level = "No puedes comprar esta propiedad", "error"
    elif User.buy_house(db_conn, session['user']['id'], id_house):
        message, level = "Compra exitosa", "success"
    else:
        message, level = "Ha ocurrido un error", "error"

    flash(message, category=level)
    return redirect(request.referrer)
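def add_fav_house():
    """Toggle a house in the signed-in user's favourites.

    Expects a JSON body with ``id_house``. Responds with 401 when the session
    is not authenticated and with 500 when anything fails while handling the
    request.

    Returns:
        A JSON response ``{"text": "deleted"}`` when the favourite was
        removed, or ``{"text": "added"}`` when it was created.
    """
    if not authenticated(session):
        abort(401)

    try:
        params = request.get_json()
        id_house = params['id_house']
        # Act as the session user. The previous code trusted the id_user sent
        # in the body, which let any signed-in user edit another user's
        # favourites. An id_user sent by the client is now ignored.
        id_user = session['user']['id']

        conn = connection()
        if User.has_favorite(conn, id_user, id_house):
            User.delete_fav_house(conn, id_user, id_house)
            return jsonify({"text": "deleted"})

        User.add_fav_house(conn, id_user, id_house)
        return jsonify({"text": "added"})
    except Exception:
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
        abort(500)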
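def create():
    """Create a folder for the signed-in user.

    Reads ``folder_name`` from the submitted form. Every outcome is reported
    with ``flash`` and the client is redirected to ``user-main-menu``.
    Responds with 403 when the session is not authenticated.
    """
    if not authenticated(session):
        abort(403)

    folder_name = request.form.get("folder_name")
    if folder_name is None or folder_name == "":
        flash("The folder must have a name!", category="error")
        return redirect(url_for("user-main-menu"))

    conn = connection()
    # The owner always comes from the session, never from the request.
    if Folder.exists(conn, session['user']['id'], folder_name):
        flash("The folder already exists!", category="error")
    else:
        try:
            Folder.create(conn, session['user']['id'], folder_name)
        except Exception:
            # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
            flash("There was an error", category="error")
        else:
            flash("The folder was created!", category="success")
    return redirect(url_for("user-main-menu"))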
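def check():
    """Set the checked state of one of the signed-in user's tasks.

    Expects a JSON object with ``id_task`` and ``checked``. Responds with 403
    when the session is not authenticated or the task is not the caller's,
    and with 404 when a value is missing, empty or not a valid task id.

    Returns:
        A JSON response ``{"state": checked}`` echoing the submitted state.
    """
    if not authenticated(session):
        abort(403)

    data = request.get_json()
    # A non-object body or a missing key used to raise (HTTP 500), and int()
    # ran before the emptiness check, which made that check unreachable.
    if not isinstance(data, dict):
        abort(404)
    raw_id_task = data.get('id_task')
    checked = data.get('checked')
    if raw_id_task is None or raw_id_task == "":
        abort(404)
    if checked is None or checked == "":
        abort(404)
    try:
        id_task = int(raw_id_task)
    except (TypeError, ValueError):
        abort(404)

    conn = connection()
    # id_task is client-supplied. Without this check any signed-in user could
    # flip the state of another user's task by guessing its id.
    # Task.belongs_to_user is the helper the task delete view uses for the
    # same purpose.
    if not Task.belongs_to_user(conn, id_task, session['user']['id']):
        abort(403)

    Task.check(conn, id_task, checked)
    return jsonify({"state": checked})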
def show():
    """Render a folder and its tasks for the signed-in user.

    Reads ``id_folder`` from the query string. Responds with 403 when the
    session is not authenticated. A missing id, a folder the user may not open
    or a folder that does not exist is reported with ``flash`` and a redirect
    to ``request.referrer``.
    """
    if not authenticated(session):
        abort(403)

    id_folder = request.args.get("id_folder")
    if not id_folder:
        flash("The 'id' field is empty!", category="error")
        return redirect(request.referrer)

    db_conn = connection()
    # The permission check runs before the folder is loaded, so a folder
    # belonging to someone else is never fetched for this user.
    may_open = User.has_permision_to_open_folder(
        db_conn, session['user']['id'], id_folder
    )
    if not may_open:
        flash("You don't have permission to access that folder!", category="error")
        return redirect(request.referrer)

    folder = Folder.find_by_id(db_conn, id_folder)
    if not folder:
        flash("The folder doesn't exist!", category="error")
        return redirect(request.referrer)

    tasks = Task.find_by_id_folder(db_conn, folder['id'])
    return render_template("folder/folder-show.html", folder=folder, tasks=tasks)
def delete_house():
    """Delete a house listing owned by the signed-in user.

    Responds with 401 when ``authenticated(session)`` is false. A missing id,
    a caller who is not the owner or a house that was already sold is reported
    with ``flash`` and a redirect to ``request.referrer``. A successful delete
    redirects to ``index``.
    """
    if not authenticated(session):
        abort(401)

    id_house = request.form.get("id_house")
    if not id_house:
        problem = "La propiedad debe tener un ID"
    else:
        db_conn = connection()
        # Ownership is checked against the session user before any change.
        if not User.is_owner(db_conn, session['user']['id'], id_house):
            problem = "Solo el dueño de la publicación puede borrarla!"
        elif House.was_sold(db_conn, id_house):
            problem = "No puede eliminar una propiedad vendida!"
        else:
            House.delete(db_conn, id_house)
            flash("Se ha eliminado la publicación exitosamente!", category="success")
            return redirect(url_for("index"))

    flash(problem, category="error")
    return redirect(request.referrer)
def show():
    """Render the detail page of a house.

    Reads ``id`` from the query string. Responds with 404 when the id is
    absent or no house is found. A house whose ``deleted_at`` is set is shown
    only to an authenticated user for whom ``User.bought_house`` is truthy:
    an unauthenticated caller gets 401 and any other user gets 404.
    """
    house_id = request.args.get("id")
    if house_id is None:
        abort(404)

    db_conn = connection()
    house = House.find_by_id(db_conn, house_id)
    if not house:
        abort(404)

    if house["deleted_at"] is not None:
        # Removed listings stay visible to their buyer only.
        if not authenticated(session):
            abort(401)
        if not User.bought_house(db_conn, house['id'], session['user']['id']):
            abort(404)

    return render_template("houses/show_house.html", house=house)
def home():
    """Render the home page with the first 10 graduate records by creation date."""
    # Static query: nothing from the request is placed into the SQL text.
    query = (
        " SELECT g.status, g.id, gr.name, gr.grade, gr.institution, gr.created "
        "FROM graduate_record gr "
        "RIGHT JOIN graduate g ON g.id = gr.graduate_id "
        "ORDER BY gr.created LIMIT 10; "
    )
    cursor = db.connection().cursor()
    cursor.execute(query)
    rows = cursor.fetchall()
    return render_template('sunedu/home.html', records=rows)
def home():
    """Render the home page with up to 1000 ``rrll`` rows, newest first.

    Each row carries the number of joined ``telephone_line`` rows, or
    ``'---'`` when the status is 0, 2 or 3.
    """
    # Static query: nothing from the request is placed into the SQL text.
    query = (
        " SELECT rl.status, rl.ruc, rl.dni, "
        "CASE WHEN rl.provider IS NULL THEN '---' ELSE rl.provider END AS provider, "
        "(CASE WHEN rl.status = 0 OR rl.status = 2 OR rl.status = 3 THEN '---' "
        "ELSE CAST(COUNT(tpl.rrll_id) as VARCHAR) END) AS nu_lineas, "
        "rl.created "
        "FROM rrll rl "
        "LEFT JOIN telephone_line tpl ON rl.id = tpl.rrll_id "
        "GROUP BY rl.status, rl.ruc, rl.dni, rl.provider, rl.created "
        "ORDER BY rl.created DESC LIMIT 1000; "
    )
    cursor = db.connection().cursor()
    cursor.execute(query)
    rows = cursor.fetchall()
    return render_template('osiptel/home.html', records=rows)
def home():
    """Render the home page with the 10 most recently created doctors."""
    # Static query: nothing from the request is placed into the SQL text.
    # NOTE(review): the row includes d.email and d.notes, and no access check
    # is visible in this view. Confirm the template may expose them.
    query = (
        " SELECT d.id, d.name, d.surname, d.state, d.email, d.region, "
        "d.notes, d.status, d.created "
        "FROM doctor d "
        "ORDER BY d.created DESC LIMIT 10; "
    )
    cursor = db.connection().cursor()
    cursor.execute(query)
    rows = cursor.fetchall()
    return render_template('cmp/home.html', doctors=rows)
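def delete():
    """Delete a task that belongs to the signed-in user.

    Reads ``id_task`` from the submitted form. Every outcome is reported with
    ``flash`` and the client is redirected to ``request.referrer``. Responds
    with 403 when the session is not authenticated.
    """
    if not authenticated(session):
        abort(403)

    id_task = request.form.get("id_task")
    if id_task is None or id_task == "":
        flash("The task must have an ID!", category="error")
        return redirect(request.referrer)

    conn = connection()
    task = Task.find_by_id(conn, id_task)
    if not task:
        flash("The task doesn't exist!", category="error")
    elif not Task.belongs_to_user(conn, id_task, session['user']['id']):
        # id_task is client-supplied, so ownership is checked before deleting.
        flash("You can't access that task!", category="error")
    else:
        try:
            Task.delete(conn, id_task)
        except Exception:
            # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
            flash("There was an error!", category="error")
        else:
            flash("A task was deleted!", category="success")
    return redirect(request.referrer)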
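def login():
    """Authenticate a user by username and password and show their menu.

    Reads ``username`` and ``password`` from the submitted form. Failures are
    reported with ``flash`` and a redirect to ``request.referrer``. On success
    the user record, minus its password, is stored under ``session["user"]``
    and the menu template is rendered with the user's folders.
    """
    import hmac

    username = request.form.get("username")
    password = request.form.get("password")

    if username is None or username == "":
        flash("The field 'username' is empty!", category="error")
        return redirect(request.referrer)
    if password is None or password == "":
        flash("The field 'password' is empty!", category="error")
        return redirect(request.referrer)

    conn = connection()
    user = User.find_by_username(conn, username)
    if not user:
        # NOTE(review): this message differs from "Invalid password" below, so
        # the response tells a caller whether a username exists.
        flash("The username doesn't exist!", category="error")
        return redirect(request.referrer)

    # NOTE(review): the submitted password is compared with user["password"]
    # directly, so the stored value is the password itself rather than a
    # hash. Moving to a salted password hash needs a data migration and cannot
    # be done inside this view alone.
    stored_password = user["password"]
    # Same result as the previous `==`, but compared in constant time.
    password_ok = isinstance(stored_password, str) and hmac.compare_digest(
        password.encode("utf-8"), stored_password.encode("utf-8")
    )
    if not password_ok:
        flash("Invalid password", category="error")
        return redirect(request.referrer)

    flash("You have successfully logged in!", category="success")
    # Keep the password out of the session: nothing needs it after the check
    # above. Assumes the record is mapping-like (it is indexed by key here).
    session_user = dict(user)
    session_user.pop("password", None)
    session["user"] = session_user

    folders = Folder.find_by_id_user(conn, user['id'])
    return render_template("user/menu.html", folders=folders)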
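def delete():
    """Delete a folder owned by the signed-in user.

    Reads ``id_folder`` from the submitted form. Every outcome is reported
    with ``flash`` and the client is redirected to ``user-main-menu``.
    Responds with 403 when the session is not authenticated.
    """
    if not authenticated(session):
        abort(403)

    id_folder = request.form.get("id_folder")
    if id_folder is None or id_folder == "":
        flash("The folder must have an ID!", category="error")
        return redirect(url_for("user-main-menu"))

    conn = connection()
    folder = Folder.find_by_id(conn, id_folder)
    if not folder:
        flash("The folder doesn't exist!", category="error")
    elif folder['id_user'] != session['user']['id']:
        # id_folder is client-supplied, so ownership is checked before deleting.
        flash("You don't have access to that folder!", category="error")
    else:
        try:
            Folder.delete(conn, session['user']['id'], id_folder)
        except Exception:
            # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
            flash("There was an error!", category="error")
        else:
            flash("The folder was deleted!", category="success")
    return redirect(url_for("user-main-menu"))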
def create_app(environment="development"):
    """Create and configure the Flask application and its database connection.

    Also registers every URL rule of the site.

    Args:
        environment: Key into ``config`` used when the ``FLASK_ENV``
            environment variable is not set.

    Returns:
        The configured Flask application.
    """
    # NOTE(review): the two localhost origins are listed unconditionally
    # (this dict is built before the environment is read), and the CORS call
    # below applies them to every route with supports_credentials=True.
    # Presumably they are for local development; confirm they should also be
    # accepted when the app runs in production.
    configu = {
        "ORIGINS": [
            "http://localhost:8080",  # React
            "http://127.0.0.1:8080",  # React
            "https://grupo21.proyecto2020.linti.unlp.edu.ar",
        ],
    }
    app = Flask(__name__)
    CORS(
        app,
        resources={r"/*": {
            "origins": configu["ORIGINS"]
        }},
        supports_credentials=True,
    )
    app.config["SESSION_TYPE"] = "filesystem"
    # app.config["SQLALCHEMY_ECHO"] = (environment == 'development')
    # FLASK_ENV, when set, overrides the `environment` argument.
    env = os.environ.get("FLASK_ENV", environment)
    app.config.from_object(config[env])
    Session(app)
    # Cors
    connection(app)
    # handler error
    # app.register_error_handler(404, handler.not_found_error)

    @app.after_request
    def after_request_func(response):
        # Runs after each request: calls close(app) and passes the response
        # through unchanged.
        close(app)
        return response

    # Names made available to every Jinja template.
    app.jinja_env.globals.update(is_authenticated=helper_auth.authenticated)
    app.jinja_env.globals.update(settings=PageSetting.find_settings)
    # listado_municipios() is called once, here, not per request.
    app.jinja_env.globals.update(municipios=listado_municipios())
    app.jinja_env.globals.update(user_permisos=permissions)
    # Site home page
    app.add_url_rule("/", "home", home)
    # Authentication
    app.add_url_rule("/login", "auth_login", auth_login)
    app.add_url_rule("/logout", "auth_logout", auth.logout)
    app.add_url_rule("/autenticacion", "auth_authenticate", auth.authenticate, methods=["POST"])
    # User CRUD
    app.add_url_rule("/users/new", "user_new", new)
    app.add_url_rule("/users_create", "user_create", create, methods=["POST"])
    app.add_url_rule("/users/detail/<int:iduser>", "user_detail", detail, methods=["GET", "POST"])
    app.add_url_rule("/users/update/<int:id>", "user_update", update, methods=["GET", "POST"])
    app.add_url_rule("/users/commit_update", "commit_update", commit_update_user, methods=["POST"])
    app.add_url_rule("/users/delete/<int:id>", "user_delete", delete, methods=["GET", "POST"])
    app.add_url_rule("/users/commit_delete", "commit_delete", commit_delete_user, methods=["POST"])
    # Center CRUD
    app.add_url_rule("/centers/new", "center_new", center_new)
    app.add_url_rule("/centers_create", "center_create", center_create, methods=["POST"])
    app.add_url_rule("/centers/<int:idcenter>", "center_view", center_view, methods=["GET", "POST"])
    app.add_url_rule(
        "/centers/update/<int:idcenter>",
        "center_update",
        center_update,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/commit_update",
        "center_commit_update",
        center_commit_update,
        methods=["POST"],
    )
    app.add_url_rule(
        "/centers/delete/<int:idcenter>",
        "center_delete",
        center_delete,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/commit_delete",
        "center_commit_delete",
        center_commit_delete,
        methods=["POST"],
    )
    # Turn CRUD
    # NOTE(review): turn_create, turn_commit_update and turn_commit_delete
    # below accept GET as well as POST, whereas the user and center create and
    # commit_* rules above are POST-only. Confirm these views cannot change
    # state on a plain GET.
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/new",
        "turn_new",
        turn_new,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/create",
        "turn_create",
        turn_create,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/view/<int:idturno>",
        "turn_view",
        turn_view,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/update/<int:idturno>",
        "turn_update",
        turn_update,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/turns/commit_update",
        "turn_commit_update",
        turn_commit_update,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/delete/<int:idturno>",
        "turn_delete",
        turn_delete,
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/turns/commit_delete",
        "turn_commit_delete",
        turn_commit_delete,
        methods=["GET", "POST"],
    )
    # User Profile
    app.add_url_rule("/user/profile", "user_profile", profile, methods=["GET", "POST"])
    app.add_url_rule("/update/profile", "update_profile", update_profile, methods=["GET", "POST"])
    # Page Settings
    app.add_url_rule("/pageSettings", "pagesettings_indexPage", indexPage)
    app.add_url_rule("/updateSettings", "pagesettings_update", updateSettings, methods=["POST"])
    # Users
    app.add_url_rule("/users", "users", user_index, methods=["GET", "POST"])
    # Centers
    app.add_url_rule("/centers", "centers", center_index, methods=["GET", "POST"])
    # Turns
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos",
        "center_turnosDisp",
        turn_index,
        methods=["GET", "POST"],
    )
    # Centers API
    app.add_url_rule("/centros", "centrosApi", CentersApi, methods=["GET", "POST"])
    app.add_url_rule("/centros/<int:id>", "centros_id", center_by_id, methods=["GET"])
    # Turns API
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos_disponibles/",
        "turnos_api",
        turnsAPi,
        methods=["GET", "POST"],
    )
    # Turns API by date
    # No view function is passed here: the rule reuses the "turnos_api"
    # endpoint name registered just above.
    # NOTE(review): presumably turnsAPi accepts the extra `fecha` argument; confirm.
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos_disponibles/<string:fecha>",
        "turnos_api",
        methods=["GET", "POST"],
    )
    app.add_url_rule(
        "/centers/<int:idcenter>/turnos/pickDate",
        "turn_pickDate",
        turn_pickDate,
        methods=["GET", "POST"],
    )
    # Turns API create turn
    app.add_url_rule(
        "/centers/<int:idcenter>/reserva",
        "reserve_turn",
        reserve_turn,
        methods=["POST"],
    )
    # Centers & Turns Api's for charts
    # Number of centers per center type
    app.add_url_rule(
        "/centers/by_type/",
        "centers_by_type",
        centers_by_type,
        methods=["GET"],
    )
    # Total number of turns booked per municipality
    app.add_url_rule(
        "/centers/turns_by_municipality/",
        "total_turns_by_municipality",
        total_turns_by_municipality,
        methods=["GET"],
    )
    app.add_url_rule(
        "/centers/total_centers_by_type/",
        "total_centers_by_type",
        total_centers_by_type,
        methods=["GET"],
    )
    return app
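def init_extensions(app):
    """Initialize the third-party extensions used by the application.

    Binds each extension object to ``app``, opens the configured database
    connections, installs the Redis-backed session interface and registers
    the login and identity callbacks.

    Args:
        app: The Flask application to bind the extensions to.
    """
    # flask-MongoEngine
    db.init_app(app)
    db.connection(**app.config.get('ORDER_DB_CONFIG'))
    db.connection(**app.config.get('INVENTORY_DB_CONFIG'))
    db.connection(**app.config.get('CART_DB_CONFIG'))
    db.connection(**app.config.get('CONTENT_DB_CONFIG'))
    db.connection(**app.config.get('LOG_DB_CONFIG'))

    mongo_inventory.init_app(app, config_prefix='MONGO_INVENTORY')

    redis.connection_pool = ConnectionPool(**app.config.get('REDIS_CONFIG'))
    session_redis.connection_pool = ConnectionPool(
        **app.config.get('SESSION_REDIS'))

    # server side session
    app.session_interface = RedisSessionInterface(session_redis)

    # flask-script
    migrate.init_app(app, db)

    # flask-mail
    mail.init_app(app)

    # flask-cache
    cache.init_app(app)

    # flask-admin
    admin.init_app(app)

    # flask-bcrypt
    bcrypt.init_app(app)

    # flask-babel
    babel.init_app(app)

    # flask-toolbar
    # NOTE(review): the toolbar is initialised unconditionally. If this is a
    # debug toolbar, confirm the app configuration keeps it disabled outside
    # development.
    toolbar.init_app(app)

    # flask-assets
    assets.init_app(app)

    login_manager.login_view = 'frontend.login'
    # login_manager.refresh_view = 'frontend.reauth'

    @login_manager.user_loader
    def load_user(id):
        """Return the non-deleted user with this id, or None.

        :param id: user identifier handed over by the login manager
        :return: first ``User`` matching ``id`` with ``is_deleted=False``
        """
        return User.objects(id=id, is_deleted=False).first()

    login_manager.init_app(app)
    login_manager.login_message = gettext('Please login to access this page.')
    login_manager.needs_refresh_message = gettext(
        'Please reauthenticate to access this page.')

    # flask-principal
    principal.init_app(app)

    from flask_principal import identity_loaded

    # Fixed: the decorator was spelled `conect_via`, which the signal does not
    # provide. The lookup failed with AttributeError, so the identity-loaded
    # handler was never registered.
    @identity_loaded.connect_via(app)
    def on_identity_loaded(sender, identity):
        """Forward the identity-loaded signal to the project's handler.

        :param sender: object that emitted the signal
        :param identity: identity that was just loaded
        """
        principal_on_identity_loaded(sender, identity)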
def index():
    """Return the result of ``Issue.all`` as JSON under the ``issues`` key."""
    # NOTE(review): no authentication check is visible in this view. Confirm
    # that the issue list is meant to be readable by any caller.
    db_conn = connection()
    return jsonify(issues=Issue.all(db_conn))