Esempio n. 1
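def shoppinglist_update(shoppinglist_id):
    """Add a product to a shopping list, or update its amount if already listed.

    Only the owner of the list may modify it. A nonexistent list and a list
    owned by another account both get the login manager's unauthorized
    response, so the two cases look the same to the caller.
    """
    shoppinglist = Shoppinglist.query.get(shoppinglist_id)
    if not shoppinglist or shoppinglist.account_id != current_user.id:
        return login_manager.unauthorized()

    list_url = url_for("shoppinglist_show", shoppinglist_id=shoppinglist_id)

    form = ListForm(request.form)
    if not form.validate():
        # Stop on ANY validation failure. Returning only from inside the loop
        # over amount errors would let a request whose sole error is on
        # another field fall through to the database code below.
        for error in form.amount.errors:
            flash(error)
        return redirect(list_url)

    # product_id is client-controlled and may name a row that does not exist.
    product = Product.query.get(form.product_id.data)
    if not product:
        return redirect(list_url)
    # NOTE(review): the product's owner is not compared with current_user
    # here - confirm whether products are per-account and, if so, check it.

    on_list = db.session.query(Shoppinglistproduct).filter(
        and_(Shoppinglistproduct.shoppinglist_id == shoppinglist.id,
             Shoppinglistproduct.product_id == product.id)).first()
    if on_list:
        Shoppinglistproduct.update_product_total(form.amount.data,
                                                 shoppinglist_id, product.id)
        return redirect(list_url)

    shoppinglistproduct = Shoppinglistproduct(form.amount.data)
    shoppinglistproduct.product_id = product.id
    shoppinglistproduct.shoppinglist_id = shoppinglist.id
    shoppinglistproduct.total_product = form.amount.data
    db.session().add(shoppinglistproduct)
    db.session.commit()
    return redirect(list_url)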
Esempio n. 2
def product_update(product_id, product_name, product_price):
    """Apply a submitted name/price change to a product of the current user.

    Re-renders the update form when validation fails or when another product
    of the same account already uses the submitted name.
    """
    owned = Product.query.get(product_id)
    # Missing product and foreign product are answered identically.
    if not owned or owned.account_id != current_user.id:
        return login_manager.unauthorized()

    form = UpdateForm(request.form)
    form_context = dict(form=form,
                        product_id=product_id,
                        product_name=product_name,
                        product_price=product_price)
    if not form.validate():
        return render_template("product/updateProduct.html", **form_context)

    # The uniqueness check is scoped to the caller's own account and
    # excludes the product being edited.
    duplicate = Product.query.filter(
        and_(Product.name == form.name.data,
             Product.account_id == current_user.id,
             Product.id != product_id)).first()
    if duplicate:
        return render_template("product/updateProduct.html",
                               error="Product exists already",
                               **form_context)

    target = Product.query.get(product_id)
    target.name = form.name.data
    target.price = form.price.data
    db.session().commit()
    return redirect(url_for("product_index"))
Esempio n. 3
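def henkilotiedot_vaihda_salasana():
    """Change the password of the current user or of one of their dependants.

    All parameters are passed in the form fields ``salasana`` (new password)
    and ``henkiloid`` (id of the person whose password is changed).
    """
    if not current_user or not current_user.is_authenticated():
        return login_manager.unauthorized()

    # Both fields are client-controlled: they may be absent or malformed, so
    # a missing password is treated like one that is too short.
    salasana = request.form.get("salasana") or ""
    if len(salasana) < 6:
        # Rejected silently because the application's JavaScript already
        # blocks this; the check here is the one that actually enforces the
        # minimum length, since client-side checks can be skipped.
        return redirect(url_for("henkilotiedot_index"))

    try:
        henkiloid = int(request.form.get("henkiloid"))
    except (TypeError, ValueError):
        # Missing or non-numeric id: reject instead of failing with a 500.
        return redirect(url_for("henkilotiedot_index"))

    if henkiloid == current_user.id:
        # Changing one's own password is always allowed.
        henkilo = Henkilo.query.get(current_user.id)
    else:
        # Otherwise the target must be a dependant of the current user.
        henkilo = kayttaja_autorisointi(henkiloid)
        if not henkilo:
            return login_manager.unauthorized()

    # NOTE(review): the current password is not asked for before the change;
    # confirm whether re-authentication is expected for this action.
    henkilo.asetaSalasana(salasana)
    flash(
        "Henkilön {} {} salasana vaihdettu".format(henkilo.etunimi,
                                                   henkilo.sukunimi),
        "success")
    db.session.commit()
    return redirect(url_for("henkilotiedot_index"))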
Esempio n. 4
def shoppinglist_show(shoppinglist_id):
    """Render one page of a shopping list's contents for its owner.

    The full contents are fetched first and the requested page is then cut
    out with a Python slice.
    """
    owned_list = Shoppinglist.query.get(shoppinglist_id)
    # A missing list and a list of another account get the same response.
    if not owned_list or owned_list.account_id != current_user.id:
        return login_manager.unauthorized()

    page, per_page, offset = get_page_args(page_parameter='page',
                                           per_page_parameter='per_page')

    contents = Shoppinglist.shoppinglist_show_contents(shoppinglist_id)
    visible_rows = contents[offset:offset + per_page]
    pagination = Pagination(page=page,
                            per_page=per_page,
                            total=len(contents),
                            css_framework='bootstrap4')
    return render_template("shoppinglist/showShoppinglist.html",
                           contents=visible_rows,
                           page=page,
                           per_page=per_page,
                           pagination=pagination,
                           form=ListForm(),
                           slist_id=shoppinglist_id)
Esempio n. 5
def auth_delete(user_id):
    """Delete the current user's account together with the rows it owns.

    Only the account named by ``user_id`` itself may trigger the deletion.
    Everything is removed in a single commit at the end.
    """
    user = User.query.get(user_id)
    if not user or user.id != current_user.id:
        return login_manager.unauthorized()

    # Products first: each product's shopping-list entries are removed before
    # the product row itself.
    owned_products = db.session().query(Product).filter_by(account_id=user_id)
    for product in owned_products:
        entries = db.session.query(Shoppinglistproduct).filter_by(
            product_id=product.id).all()
        for entry in entries:
            db.session().delete(entry)
        db.session().delete(product)

    # Then the account's categories and shopping lists.
    for category in db.session().query(Category).filter_by(
            account_id=user_id):
        db.session().delete(category)
    for shoppinglist in db.session().query(Shoppinglist).filter_by(
            account_id=user_id):
        db.session().delete(shoppinglist)

    # Finally the user row.
    db.session().delete(user)
    db.session().commit()

    flash('Your account and all your data has been deleted!')
    return redirect(url_for("index"))
Esempio n. 6
def category_update(category_id, category_category):
    """Rename a category owned by the current user.

    Re-renders the update form on validation failure or when the duplicate
    check finds a matching row.
    """
    owned = Category.query.get(category_id)
    # Missing category and foreign category are answered identically.
    if not owned or owned.account_id != current_user.id:
        return login_manager.unauthorized()

    form = CategoryForm(request.form)
    if not form.validate():
        return render_template("category/updateCategory.html",
                               form=form,
                               category_id=category_id,
                               category_category=category_category)

    new_name = form.category.data
    # NOTE(review): this filter is not restricted to the caller's account, so
    # a same-named category of any account counts as a clash - confirm that
    # this cross-account behaviour is intended.
    clash = Category.query.filter(
        and_(Category.category == new_name,
             or_(Category.id != category_id,
                 Category.account_id == 0))).first()
    if clash:
        return render_template("category/updateCategory.html",
                               form=form,
                               category_id=category_id,
                               category_category=category_category,
                               error="Category exists already.")

    target = Category.query.get(category_id)
    target.category = form.category.data
    db.session().commit()

    return redirect(url_for("category_index"))
Esempio n. 7
 def decorated_view(*args, **kwargs):
     """Call the wrapped view only for an authenticated user holding a role.

     Holding any one of ``roles`` is sufficient. With an empty ``roles``
     the check fails closed: nobody is let through.
     """
     if not current_user.is_authenticated:
         return login_manager.unauthorized()
     holds_any_role = any(current_user.has_role(role) for role in roles)
     if not holds_any_role:
         return login_manager.unauthorized()
     return fn(*args, **kwargs)
Esempio n. 8
def auth_are_you_sure(user_id):
    """Render auth/areYouSure.html for the current user's own account."""
    account = User.query.get(user_id)
    # Unknown ids and ids of other accounts get the same response.
    if not account or account.id != current_user.id:
        return login_manager.unauthorized()

    return render_template("auth/areYouSure.html", user_id=user_id)
Esempio n. 9
        def decorator(*args, **kwargs):
            """Call the wrapped view only if the user holds every required role.

            All of ``role_names`` must be present in ``current_user.roles``.
            With an empty ``role_names`` every authenticated user passes.
            """
            if not current_user or not current_user.is_authenticated:
                return login_manager.unauthorized()

            for role_name in role_names:
                if role_name not in current_user.roles:
                    return login_manager.unauthorized()

            return f(*args, **kwargs)
Esempio n. 10
def category_update_form(category_id, category_category):
    """Show the empty category update form to the category's owner."""
    owned = Category.query.get(category_id)
    # Missing category and foreign category are answered identically.
    if not owned or owned.account_id != current_user.id:
        return login_manager.unauthorized()

    blank_form = CategoryForm()
    return render_template("category/updateCategory.html",
                           form=blank_form,
                           category_id=category_id,
                           category_category=category_category)
Esempio n. 11
def update_product_form(product_id, product_name, product_price):
    """Show the empty product update form to the product's owner."""
    owned = Product.query.get(product_id)
    # Missing product and foreign product are answered identically.
    if not owned or owned.account_id != current_user.id:
        return login_manager.unauthorized()

    blank_form = UpdateForm()
    return render_template("product/updateProduct.html",
                           form=blank_form,
                           product_id=product_id,
                           product_name=product_name,
                           product_price=product_price)
Esempio n. 12
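def shoppinglist_remove(product_id, shoppinglist_id):
    """Remove one product entry from a shopping list owned by the caller.

    Authorization is decided on the shopping list; the entry is then looked
    up by the (product, list) pair, so only entries of that list can match.
    """
    shoppinglist = Shoppinglist.query.get(shoppinglist_id)
    # A missing list and a list of another account get the same response.
    if not shoppinglist or shoppinglist.account_id != current_user.id:
        return login_manager.unauthorized()

    product_on_list = db.session.query(Shoppinglistproduct).filter(
        and_(Shoppinglistproduct.product_id == product_id,
             Shoppinglistproduct.shoppinglist_id == shoppinglist_id)).first()
    # product_id is client-controlled; if the pair matches nothing (stale
    # page, repeated request) there is nothing to delete, and passing None to
    # delete() would raise.
    if product_on_list is not None:
        db.session().delete(product_on_list)
        db.session().commit()
    return redirect(
        url_for("shoppinglist_show", shoppinglist_id=shoppinglist_id))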
Esempio n. 13
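def edit_message(thread_id, message_id):
    """Show (GET) or apply (other methods) an edit to a message.

    Allowed for the message's author and for users whose role is "ADMIN".
    """
    message = Message.query.get(message_id)

    # message_id is client-controlled: an unknown id is answered like a
    # forbidden one instead of failing on attribute access.
    if message is None:
        return login_manager.unauthorized()

    if message.account_id != current_user.id and current_user.role != "ADMIN":
        return login_manager.unauthorized()

    # NOTE(review): thread_id is only echoed into the template and redirect;
    # it is not checked against the message's own thread - confirm.
    if request.method == "GET":
        form = MessageForm()
        form.content.data = message.content
        return render_template("messages/edit.html",
                               form=form,
                               thread_id=thread_id,
                               message_id=message_id)

    form = MessageForm(request.form)

    if not form.validate():
        return render_template("messages/edit.html",
                               form=form,
                               thread_id=thread_id,
                               message_id=message_id)

    message.content = form.content.data
    db.session().commit()

    return redirect(url_for("get_messages_from_thread_id",
                            thread_id=thread_id))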
Esempio n. 14
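def edit_thread(thread_id):
    """Show (GET) or apply (other methods) an edit of a thread's title and categories.

    Allowed for the thread's author and for users whose role is "ADMIN".
    """
    thread = Thread.query.get(thread_id)

    # thread_id is client-controlled: an unknown id is answered like a
    # forbidden one instead of failing on attribute access.
    if thread is None:
        return login_manager.unauthorized()

    if thread.account_id != current_user.id and current_user.role != "ADMIN":
        return login_manager.unauthorized()

    # The selectable categories are set as the field's choices before
    # validation runs.
    choices = [(c.id, c.name) for c in Category.query.all()]

    if request.method == "GET":
        form = EditThreadForm()
        form.title.data = thread.title
        form.categories.choices = choices
        return render_template("threads/edit.html", form=form, thread_id=thread_id)

    form = EditThreadForm(request.form)
    form.categories.choices = choices

    if not form.validate():
        return render_template("threads/edit.html", form=form, thread_id=thread_id)

    thread.title = form.title.data
    # Replace the thread's category set with the submitted selection.
    thread.categories.clear()
    for c_id in form.categories.data:
        category = Category.query.get(c_id)
        # Skip ids that no longer resolve rather than appending None.
        if category is not None:
            thread.categories.append(category)

    db.session().commit()

    return redirect(url_for("threads_index"))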
Esempio n. 15
def report_change_description(report_id, naturesite_id):
    """Update the description of a report owned by the current user.

    Unknown report or nature-site ids render the error page; a report of
    another account gets the login manager's unauthorized response.
    """
    report = Report.query.get(report_id)
    if not report:
        return render_template("error.html", message="ERROR! Report not found")

    site = NatureSite.query.get(naturesite_id)
    if not site:
        return render_template("error.html",
                               message="ERROR! Nature site not found")

    # NOTE(review): the not-found answers come before the ownership check, so
    # a caller can tell an existing foreign report from a missing one; the
    # report is also not checked to belong to this nature site - confirm.
    if report.account_id != current_user.id:
        return login_manager.unauthorized()

    form = ReportEditForm(request.form)
    if form.validate():
        report.description = form.description.data
        db.session().commit()
        return redirect(
            url_for("naturesite_show", naturesite_id=naturesite_id))

    return render_template("report/edit.html",
                           form=form,
                           naturesite_id=naturesite_id,
                           report=report)
Esempio n. 16
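def auth_edit_profile(user_id):
    """Show (GET) or apply (other methods) an edit of a user's profile.

    Allowed for the user themselves and for superusers. ``user_id`` arrives
    as a string from the URL.
    """
    # isdecimal() accepts exactly the characters int() can parse; isdigit()
    # also accepts characters such as superscript digits, on which int()
    # raises.
    if not user_id.isdecimal():
        # NOTE(review): this is the relative URL "index", not
        # url_for("index") - confirm which one is intended.
        return redirect("index")

    target_id = int(user_id)
    if target_id != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    user = User.query.get(target_id)
    if user is None:
        # A superuser may name an id that does not exist.
        return redirect("index")

    if request.method == "GET":
        form = EditUserForm(obj=user)

        return render_template("auth/edit_profile.html", form=form)

    form = EditUserForm(request.form)

    # The id field of the form is client-controlled. It must be present,
    # numeric and equal to the id in the URL, because the authorization check
    # above was made against the URL id only.
    submitted_id = form.id.data or ""
    if (not submitted_id.isdecimal() or int(submitted_id) != target_id
            or not form.validate()):
        return render_template("auth/edit_profile.html", form=form)

    user.name = form.name.data
    user.username = form.username.data
    user.email = form.email.data

    db.session.commit()

    return redirect(url_for("user_view", user_id=user_id))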
Esempio n. 17
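def henkilotiedot_luo_huollettava():
    """Self-service creation of a new dependant - saving the submitted data.

    Only an authenticated user for whom ``aikuinen()`` is true may create a
    dependant; the new person is linked to the current user as guardian.
    """
    if not current_user or not current_user.is_authenticated(
    ) or not current_user.aikuinen():
        return login_manager.unauthorized()

    form = HenkiloTiedotForm(request.form)
    if not form.validate():
        flash("Ole hyvä ja tarkista syöttämäsi tiedot", "danger")
        return render_template("henkilotiedot/uusihuollettava.html", form=form)

    lapsi = Henkilo()
    form.tallenna(lapsi)
    lapsi.jasenyysalkoi = datetime.today()
    lapsi.huoltajat.append(current_user)
    db.session.add(lapsi)

    try:
        db.session.commit()
    except IntegrityError:
        # A failed commit leaves the session unusable until it is rolled
        # back; without this, later database access in the same request
        # (for example while rendering the template) raises.
        db.session.rollback()
        # NOTE(review): every IntegrityError is reported as a duplicate
        # e-mail address - confirm no other constraint can fail here.
        flash("Sähköpostiosoite on jo käytössä", "danger")
        form.email.errors.append("Sähköpostiosoite on jo käytössä")
        return render_template("henkilotiedot/uusihuollettava.html", form=form)

    return redirect(url_for("henkilotiedot_index"))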
Esempio n. 18
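def mod_senseis(id):
    """Change a sensei's name and/or logon and mirror it to the User row.

    An empty name or logon field leaves that value unchanged. The User row
    is the one whose username equals the sensei's current logon.
    """
    s = Senseis.query.get(id)
    # id is client-controlled: an unknown id is answered like a forbidden one
    # instead of failing on attribute access.
    if s is None:
        return login_manager.unauthorized()
    # NOTE(review): this compares a User id with a Senseis id and grants
    # access to the literal username 'genki' - confirm the two id spaces
    # really coincide, and consider a role check instead of a fixed name.
    if not (current_user.id == s.id or current_user.username == 'genki'):
        return login_manager.unauthorized()

    form = SenseiForm(request.form)
    # Fields absent from the request arrive as None; treat them as empty.
    name = form.name.data or ""
    logon = (form.logon.data or "").lower().strip()
    stripped_name = name.strip()
    prior_sensei = Senseis.query.filter_by(logon=logon).first()
    same = (s == prior_sensei)

    def edit_error(message):
        # Re-render the edit page with an error message.
        return render_template("senseis/edit.html", senseis = Senseis.query.get(id), error = message)

    if logon == 'genki':
        return edit_error("Sorry, 'Genki' reserverd for other purposes")
    # NOTE(review): a failed validation only blocks the request when both
    # fields are non-empty - confirm that is intended.
    if not form.validate() and len(stripped_name) > 0 and len(logon) > 0:
        return edit_error("Name and Logon should be between 3 and 15 char")
    if 0 < len(stripped_name) < 3:
        return edit_error("Name should be between 3 and 15 char without blanks")
    if 0 < len(logon) < 3:
        return edit_error("Logon should be between 3 and 15 char without blanks")
    if prior_sensei and not same:
        return edit_error("Logon already taken")

    # The linked User row may be missing; update it only when it exists.
    user = User.query.filter_by(username=s.logon).first()
    if len(stripped_name) > 0:
        s.name = name
        if user is not None:
            user.name = name
    if len(logon) > 0:
        s.logon = logon
        if user is not None:
            user.username = logon
    db.session().commit()
    flash("Sensei {} was modified".format(s.name))
    return redirect(url_for("senseis_index"))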
Esempio n. 19
def ryhmat_luo_kokoussarja(ryhma_id: int):
    """Add a series of recurring meetings to the database.

    One meeting is created for every date from ``alkaa`` up to, but not
    including, ``paattyy`` whose weekday equals the submitted ``viikonpaiva``.
    """
    if not ryhma_autorisaatio(ryhma_id):
        return login_manager.unauthorized()

    form = KokousSarjaForm(request.form)
    ryhma = Ryhma.query.get(ryhma_id)

    if not form.validate():
        return render_template("ryhmat/uusisarja.html", ryhma=ryhma, form=form)

    # NOTE(review): the number of iterations and inserted rows is bounded
    # only by the submitted date range - confirm the form caps it.
    lisatty = 0
    paiva = form.alkaa.data
    while paiva < form.paattyy.data:
        if paiva.weekday() == int(form.viikonpaiva.data):
            uusi_kokous = Kokous(ryhma.id)
            uusi_kokous.alkaa = datetime.combine(paiva, form.alkaaklo.data)
            uusi_kokous.paattyy = datetime.combine(paiva,
                                                   form.paattyyklo.data)
            uusi_kokous.sijainti = form.sijainti.data
            uusi_kokous.kuvaus = form.kuvaus.data
            db.session.add(uusi_kokous)
            lisatty += 1

        paiva += timedelta(days=1)

    # All meetings of the series are committed together.
    db.session.commit()
    flash("Lisätty {}  kokousta".format(lisatty), "success")

    return redirect(url_for("ryhmat_kokoukset", ryhma_id=ryhma_id))
Esempio n. 20
def ryhmat_kokoukset_uusi(ryhma_id: int):
    """Form for adding a new meeting to a group."""
    # The group is loaded only after the authorization check has passed.
    if ryhma_autorisaatio(ryhma_id):
        return render_template("ryhmat/uusikokous.html",
                               ryhma=Ryhma.query.get(ryhma_id),
                               form=KokousTiedotForm())
    return login_manager.unauthorized()
Esempio n. 21
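def auth_change_password(user_id):
    """Show (GET) or apply (other methods) a password change for a user.

    Allowed for the user themselves and for superusers; in both cases the
    target user's old password must be supplied and verified.
    """
    # isdecimal() accepts exactly the characters int() can parse; isdigit()
    # also accepts characters such as superscript digits, on which int()
    # raises.
    if not user_id.isdecimal():
        # NOTE(review): this is the relative URL "index", not
        # url_for("index") - confirm which one is intended.
        return redirect("index")

    target_id = int(user_id)
    if target_id != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserPasswordForm()
        form.id.data = user_id
        return render_template("auth/edit_password.html", form=form)

    form = EditUserPasswordForm(request.form)

    # The id field of the form is client-controlled. It must be present,
    # numeric and equal to the id in the URL, because the authorization check
    # above was made against the URL id only.
    submitted_id = form.id.data or ""
    if (not submitted_id.isdecimal() or int(submitted_id) != target_id
            or not form.validate()):
        return render_template("auth/edit_password.html", form=form)

    user = User.query.get(target_id)
    if user is None:
        # A superuser may name an id that does not exist.
        return redirect("index")

    if not user.check_password(form.old_password.data):
        form.old_password.errors.append("Invalid password")
        return render_template("auth/edit_password.html", form=form)

    user.set_password(form.new_password.data)
    db.session.commit()

    return render_template("users/user.html", user=user)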
Esempio n. 22
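def accounts_update(account_id):
    """Apply a submitted profile update to an account.

    Access is decided by ``__is_owner(account_id)``. The password is changed
    only when the password field is non-empty.
    """
    if not __is_owner(account_id):
        return login_manager.unauthorized()

    account = Account.query.get(account_id)
    # Check for a missing account before anything renders with it, so the
    # profile template is never given account=None.
    if not account:
        return redirect(url_for("index"))

    form = AccountProfileForm(request.form)

    if not form.validate():
        return render_template("accounts/account_profile.html",
            form = form,
            account = account
        )

    if form.password.data:
        # NOTE(review): passlib 1.7 deprecated encrypt() in favour of hash();
        # switch once the pinned passlib version is confirmed to provide it.
        account.password = sha256_crypt.encrypt(form.password.data)

    account.name = form.name.data
    account.email = form.email.data
    account.profile_info = form.profile_info.data

    db.session.commit()

    return redirect(url_for("accounts_profile", account_id=account_id))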
Esempio n. 23
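def ryhmat_menneet_muokkaa(kokous_id):
    """Render the attendance list page of a meeting.

    Authorization is decided on the group the meeting belongs to.
    """
    kokous = Kokous.query.get(kokous_id)
    # kokous_id is client-controlled: an unknown id is answered like a
    # forbidden one instead of failing on attribute access.
    if kokous is None or not ryhma_autorisaatio(kokous.ryhmaid):
        return login_manager.unauthorized()
    return render_template("ryhmat/lasnalista.html",
                           kokous=kokous,
                           ryhma=kokous.ryhma)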
Esempio n. 24
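def skills_update(skill_id):
    """Update the work and other experience stored for one of the user's skills.

    Experience is stored in months: submitted years are multiplied by 12 and
    added to the submitted months.
    """
    skill = Skill.query.get(skill_id)

    # skill_id is client-controlled: an unknown id is answered like a
    # forbidden one instead of failing on the ownership call.
    if skill is None or not skill.is_owned_by(current_user.id):
        return login_manager.unauthorized()

    form = SkillForm(request.form)

    if not form.validate():
        return render_template(
            "skills/skills.html",
            form=form,
            skills=Skill.query.filter_by(owner_id=current_user.id))

    if not __validate_experience(form):
        return render_template(
            "skills/skills.html",
            form=form,
            skills=Skill.query.filter_by(owner_id=current_user.id),
            error="You must give an experience to skill")

    # NOTE(review): both rows are assumed to exist for every skill; if either
    # lookup returns None the assignments below raise - confirm the rows are
    # always created together with the skill.
    work_experience = Experience.query\
        .filter_by(skill_id=skill_id, experience_type="Work experience")\
        .first()

    other_experience = Experience.query\
        .filter_by(skill_id=skill_id, experience_type="Other experience")\
        .first()

    work_experience.experience = form.work_experience_years.data * 12 + form.work_experience_months.data
    other_experience.experience = form.other_experience_years.data * 12 + form.other_experience_months.data

    db.session.commit()

    return redirect(url_for("skills_my"))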
Esempio n. 25
def ryhmat_kokoukset_uusisarja(ryhma_id: int):
    """Form for adding a series of recurring meetings to a group."""
    # The group is loaded only after the authorization check has passed.
    if ryhma_autorisaatio(ryhma_id):
        return render_template("ryhmat/uusisarja.html",
                               ryhma=Ryhma.query.get(ryhma_id),
                               form=KokousSarjaForm())
    return login_manager.unauthorized()
Esempio n. 26
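def auth_change_password(user_id):
    """Show (GET) or apply (other methods) a password change for a user.

    Allowed for the user themselves and for superusers; in both cases the
    target user's old password must be supplied.
    """
    # isdecimal() accepts exactly the characters int() can parse; isdigit()
    # also accepts characters such as superscript digits, on which int()
    # raises.
    if not user_id.isdecimal():
        # NOTE(review): this is the relative URL "index", not
        # url_for("index") - confirm which one is intended.
        return redirect("index")

    target_id = int(user_id)
    if target_id != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserPasswordForm()
        form.id.data = user_id
        return render_template("auth/edit_password.html", form=form)

    form = EditUserPasswordForm(request.form)

    # The id field of the form is client-controlled. It must be present,
    # numeric and equal to the id in the URL, because the authorization check
    # above was made against the URL id only.
    submitted_id = form.id.data or ""
    if (not submitted_id.isdecimal() or int(submitted_id) != target_id
            or not form.validate()):
        return render_template("auth/edit_password.html", form=form)

    user = User.query.get(target_id)
    if user is None:
        # A superuser may name an id that does not exist.
        return redirect("index")

    # SECURITY NOTE(review): the submitted old password is compared directly
    # with the stored value and the new password is assigned as submitted.
    # For this comparison to succeed the stored value must equal the
    # password itself, i.e. passwords are kept unhashed unless User.password
    # transforms on assignment. Store a salted password hash instead and
    # verify through it; that change must be made together with the login
    # path and a migration of existing rows, so it is flagged here rather
    # than altered in this view alone.
    if form.old_password.data != user.password:
        form.old_password.errors.append("Väärä salasana")
        return render_template("auth/edit_password.html", form=form)

    user.password = form.new_password.data

    db.session.commit()

    return redirect(url_for("show_profile", user_id=user_id))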
Esempio n. 27
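def recipe_update(recipe_id):
    """Show (GET) or apply (other methods) an edit of a recipe.

    Only the account that owns the recipe may edit it.
    """
    rToUpdate = Recipe.query.get(recipe_id)

    # recipe_id is client-controlled: an unknown id is answered like a
    # forbidden one instead of failing on attribute access.
    if rToUpdate is None or rToUpdate.account_id != current_user.id:
        return login_manager.unauthorized()

    form = RecipeForm(request.form)

    if request.method == "GET":
        # Pre-fill the form with the stored values for display only.
        form.name.data = rToUpdate.name
        form.ingredients.data = rToUpdate.ingredients
        form.recipetext.data = rToUpdate.recipe_text
        form.tips.data = rToUpdate.tips
        return render_template("recipes/editrecipe.html",
                               form=form,
                               recipe=rToUpdate)

    # Validate the SUBMITTED data. Overwriting the fields with the stored
    # values before validate() would check the old, already-accepted values
    # and let the submitted input be saved without any validation.
    if not form.validate():
        # Pass the recipe as the GET branch does, so the template receives
        # the same context when it is re-rendered with errors.
        return render_template("recipes/editrecipe.html",
                               form=form,
                               recipe=rToUpdate)

    rToUpdate.name = form.name.data
    rToUpdate.ingredients = form.ingredients.data
    rToUpdate.recipe_text = form.recipetext.data
    rToUpdate.tips = form.tips.data

    db.session().add(rToUpdate)
    db.session().commit()

    return redirect(url_for("recipes_index"))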
Esempio n. 28
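def auth_edit_profile(user_id):
    """Show (GET) or apply (other methods) an edit of a user's profile.

    Allowed for the user themselves and for superusers. ``user_id`` arrives
    as a string from the URL.
    """
    # isdecimal() accepts exactly the characters int() can parse; isdigit()
    # also accepts characters such as superscript digits, on which int()
    # raises.
    if not user_id.isdecimal():
        # NOTE(review): this is the relative URL "index", not
        # url_for("index") - confirm which one is intended.
        return redirect("index")

    target_id = int(user_id)
    if target_id != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    user = User.query.get(target_id)
    if user is None:
        # A superuser may name an id that does not exist.
        return redirect("index")

    if request.method == "GET":
        form = EditUserForm(obj=user)

        return render_template("auth/edit_profile.html", form=form)

    form = EditUserForm(request.form)

    # The id field of the form is client-controlled. It must be present,
    # numeric and equal to the id in the URL, because the authorization check
    # above was made against the URL id only.
    submitted_id = form.id.data or ""
    if (not submitted_id.isdecimal() or int(submitted_id) != target_id
            or not form.validate()):
        return render_template("auth/edit_profile.html", form=form)

    user.name = form.name.data
    user.username = form.username.data
    user.email = form.email.data

    db.session.commit()

    return redirect(url_for("show_profile", user_id=user_id))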
Esempio n. 29
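def reviews_modify(review_id):
    """Show (GET) or apply (other methods) an edit of a review.

    Only the account that wrote the review may modify it. On submit only the
    review text and the star rating are updated.
    """
    # Named `review` rather than `re` so the local does not read like the
    # standard-library regex module.
    review = Review.get_review_by_id(review_id)

    # review_id is client-controlled. NOTE(review): this assumes a falsy
    # result from get_review_by_id for an unknown id - confirm.
    if not review or review['account_id'] != current_user.id:
        return login_manager.unauthorized()

    if request.method == "GET":

        form = ReviewForm(stars=review['stars'])

        form.author.data = review['author']
        form.name.data = review['book']
        form.review.data = review['review']

        return render_template("reviews/modify.html",
                               form=form,
                               review_id=review_id)

    form = ReviewForm(request.form)

    if not form.validate():
        # Pass review_id as the GET branch does, so the template receives
        # the same context when it is re-rendered with errors.
        return render_template("reviews/modify.html",
                               form=form,
                               review_id=review_id)

    r = Review.query.get(review_id)

    r.review = form.review.data
    r.stars = form.stars.data

    db.session().commit()

    return redirect(url_for("reviews_index"))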
Esempio n. 30
def henkilotiedot_uusi_huollettava():
    """Self-service creation of a new dependant - showing the form."""
    # The caller must be logged in and pass the aikuinen() check.
    sallittu = (current_user and current_user.is_authenticated()
                and current_user.aikuinen())
    if not sallittu:
        return login_manager.unauthorized()
    return render_template("henkilotiedot/uusihuollettava.html",
                           form=HenkiloTiedotLapsiForm())