def info() -> Tuple[str, Optional[int]]:
    """Serve the teacher profile page and process profile updates.

    Users for whom ``is_teacher()`` is false get a 403. A GET renders
    ``user_info.html``. A POST validates the submitted form: each failed
    check appends a ``(text, category)`` pair to ``messages`` and nothing is
    saved. When every check passes, the current user's fields are overwritten
    and the session is committed. A POST always answers with JSON carrying
    ``status``, ``messages`` and ``url``.
    """
    account = flask_login.current_user
    if not account.is_teacher():
        return '403 Forbidden.', 403

    if request.method != 'POST':
        return render_template(
            'user_info.html',
            current_user=flask_login.current_user
        )

    form = request.form
    status = ''
    messages = []
    url = ''
    try:
        if form['password'] != form['re_password']:
            messages.append(('密碼不符', 'danger'))
        if not validate_email(form['email']):
            messages.append(('email 格式不符', 'danger'))
        if not form['phone1'] or not form['phone2']:
            messages.append(('請輸入學校聯絡電話', 'danger'))
        all_digits = (form['phone1'] + form['phone2']
                      + form['phone3'] + form['cellphone'])
        if not all(ch.isdigit() for ch in all_digits):
            messages.append(('電話號碼不可包含非數字', 'danger'))
        if 'school' not in form or not form['school']:
            messages.append(('請選擇學校', 'danger'))

        # ValueError is the signal that at least one check failed.
        if messages:
            raise ValueError

        # An empty password field means "keep the current password".
        # NOTE(review): the only password fields read are password and
        # re_password, so a new password is accepted on the strength of the
        # session alone; confirm that is intended.
        if form['password']:
            account.password = hash_password(form['password'])
        account.email = form['email']
        account.work_phone = '%s.%s.%s' % (
            form['phone1'], form['phone2'], form['phone3'])
        account.cell_phone = form['cellphone']
        account.school_id = form['school']
    except ValueError:
        status = 'error'
    else:
        get_db_session().commit()
        status = 'ok'
        flash('更新成功', 'success')
        url = url_for('user_mod.info')
    return jsonify(status=status, messages=messages, url=url)
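def on_list_select(self, evt):
    """
    Load the salesperson picked in the listbox into the form fields.

    Parameters (apart from self):
        evt: event object; its ``widget`` attribute is the listbox

    Return: None
    """
    listbox = evt.widget
    selection = listbox.curselection()
    if not selection:
        # Nothing is selected, so there is no record to load. Indexing the
        # empty selection would raise IndexError.
        return
    index = int(selection[0])
    value = listbox.get(index)
    print(index)
    print(value)

    session = db.get_db_session()
    try:
        result = self.salesperson_dao.find_by_id(session, value)
    finally:
        # Close the session even when the lookup raises.
        session.close()
    print("result: ", result)
    sp = result['salesperson']
    self.populate_fields(sp)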
def generate(self, uri, paginate_until=None, after=None):
    """Yield records from a GET on ``self._base_url + uri``, optionally paging.

    The first request passes ``after`` as the cursor. A JSON list body is
    buffered; any other JSON body is yielded as a single item.

    With ``paginate_until=None`` the buffered records are yielded and the
    generator ends. Otherwise ``paginate_until`` is read as a dict with a
    ``'key'`` and a ``'condition'`` callable: records whose ``r[key]``
    satisfies the condition are yielded, and further pages are requested via
    the ``CB-AFTER`` response header for as long as the last record of the
    current page still satisfies it. After each extra page a ``Pagination``
    row is written; a failure there is printed and ignored.
    """
    method = 'GET'
    response_data = []
    url = self._base_url + uri
    # NOTE(review): neither request passes timeout=, so a stalled connection
    # blocks this generator indefinitely.
    response = requests.request(
        method = method,
        url = url,
        params = {'after': after},
        auth = self._auth,
        verify = True)
    print(response)
    # NOTE(review): this writes the full response body to stdout; confirm the
    # payload holds nothing that should stay out of captured output.
    print(response.text)
    if isinstance(response.json(), list):
        response_data += response.json()
    else:
        yield response.json()
    if paginate_until is None:
        for r in response_data:
            yield r
    else:
        db_session = get_db_session()
        pagination_key = paginate_until['key']
        pagination_condition = paginate_until['condition']
        if len(response_data) == 0:
            # Returns before the db_session.remove() at the end is reached.
            return
        for r in response_data:
            if pagination_condition(r[pagination_key]):
                yield r
        # Keep paging while the oldest record seen still passes the condition.
        while pagination_condition(response_data[-1][pagination_key]):
            if 'CB-AFTER' in response.headers:
                time.sleep(0.25)  # To avoid rate limit
                after = response.headers['CB-AFTER']
                response = requests.request(
                    method=method,
                    url=url,
                    auth=self._auth,
                    params={'after': after})
                response_data = response.json()
                if not isinstance(response_data, list):
                    response_data = [response_data]
                if len(response_data) == 0:
                    break
                for r in response_data:
                    if pagination_condition(r[pagination_key]):
                        yield r
                try:
                    # Record pagination info in DB
                    pagination = Pagination(
                        account = get_account_from_base_url(self._base_url),
                        product_id = get_product_id_from_uri(uri),
                        url = url,
                        start_time = response_data[-1]['created_at'],
                        end_time = response_data[0]['created_at'],
                        cursor_before = response.headers['CB-BEFORE'],
                        cursor_after = response.headers['CB-AFTER'])
                    db_session.add(pagination)
                    db_session.commit()
                except Exception as e:
                    print(str(e))
                    # Let this go since it's just extra info that is nice to have
            else:
                # No cursor header means there is no further page.
                break
        db_session.remove()
def show_party(party_subdomain):
    """Render the active party whose name matches *party_subdomain*.

    Returns the rendered ``party.html`` page, or a 404 message when no
    non-old party matches.
    """
    # NOTE(review): ilike() treats % and _ as wildcards and one_or_none()
    # raises when more than one row matches; confirm party_subdomain is
    # restricted to the party-name alphabet before it reaches this query.
    active_matches = get_db_session().query(Orgy) \
        .filter(Orgy.name.ilike(party_subdomain)) \
        .filter(Orgy.is_old == False)
    party = active_matches.one_or_none()
    if party:
        return render_template("party.html", party=party)
    return 'Party not found! Make one <a href="//my.corgiorgy.com">here</a>!', 404
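def delete_party():
    """Delete a party when the caller presents the creator's delete token.

    Reads ``name`` and ``delete_token`` from the query string. The request is
    honoured only if the party exists, has a recorded creator IP other than
    ``127.0.0.1/32``, the caller's address equals that IP, and the token
    equals HMAC-SHA1(SECRET_DELETE_KEY, creator_ip + party name).

    Returns a plain-text message; every rejection returns an
    'Invalid request' variant.
    """
    requestor_ip = request.remote_addr
    delete_token = request.args.get('delete_token')
    name = request.args.get('name')
    if (not name) or (not delete_token) or (not requestor_ip):
        return 'Invalid request'

    db_session = get_db_session()
    party_to_delete = db_session.query(Orgy).filter(Orgy.name == name)\
                                .one_or_none()
    if not party_to_delete:
        return 'Invalid request'
    if (not party_to_delete.creator_ip) or (party_to_delete.creator_ip == '127.0.0.1/32'):
        return 'Invalid request'
    creator_ip = party_to_delete.creator_ip.replace('/32', '')

    # Additional sanity check
    # NOTE(review): remote_addr is the address of the connecting peer; behind
    # a reverse proxy that is the proxy, so confirm how this is deployed.
    if creator_ip != requestor_ip:
        return 'Invalid request'

    token_message = creator_ip + party_to_delete.name
    valid_delete_token = hmac.new(mycorgi_app.mycorgi_app.config['SECRET_DELETE_KEY'],
                                  token_message,
                                  hashlib.sha1).hexdigest()

    # compare_digest needs both operands to be the same type, so reduce both
    # to ASCII bytes. A token that is not ASCII can never equal a hex digest.
    try:
        supplied_token = delete_token.encode('ascii')
    except UnicodeError:
        return 'Invalid request!'

    # Constant-time comparison (Python 2.7.7+ / 3.3+): `==` returns at the
    # first differing character, which leaks how much of a guess was right.
    if hmac.compare_digest(supplied_token, valid_delete_token.encode('ascii')):
        db_session.delete(party_to_delete)
        db_session.commit()
        print('deleted party %s' % party_to_delete.name)
        return 'Party deleted! Make another one <a href="//my.corgiorgy.com">here</a>!'
    return 'Invalid request!'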
def __init__(self):
    """Open the database session and build every client on top of it.

    ``get_db_session()`` is unpacked as a ``(session, engine)`` pair; all
    five clients receive the same session object.
    """
    session, engine = get_db_session()
    self.session = session
    self.engine = engine

    self.workflows = WorkflowClient(session)
    self.tasks = TaskClient(session)
    self.minions = MinionClient(session)
    self.users = UserClient(session)
    self.tenants = TenantClient(session)
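def process_request(self, message):
    """Turn one incoming chat message into a reply payload.

    A message whose text starts with ``/`` is dispatched to the command
    found by ``self._find_command``; any other text goes to
    ``self.default_command``.

    Parameters:
        message: dict with ``'text'`` and ``message['chat']['id']``

    Returns:
        dict with ``chat_id``, ``text`` and ``parse_mode``, or ``None`` when
        the message has no text or names an unknown command.
    """
    if 'text' not in message:
        return None

    self.session = database.get_db_session()()
    try:
        chat_id = message['chat']['id']
        words = message['text'].split()
        # Whitespace-only text has no first word. It is handled as ordinary
        # (non-command) text instead of raising IndexError.
        if words and words[0].startswith('/'):
            command = self._find_command(words[0][1:])
            if not command:
                return None
            return_message = command(chat_id, words[1:])
        else:
            return_message = self.default_command(chat_id, [])
        return {
            'chat_id': chat_id,
            'text': return_message,
            'parse_mode': 'markdown',
        }
    finally:
        # Runs on every exit path, including the unknown-command return and
        # exceptions, so the session opened above is never left open.
        self.session.close()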
def delete(self):
    """
    Remove the vehicle currently shown in the form from the database.

    The id comes from the ``self.vehicle_id`` variable. Whatever the data
    access object returns is shown to the user in a messagebox.

    Parameters (apart from self): None

    Return: None
    """
    vehicle_id = self.vehicle_id.get()
    print(vehicle_id)

    # One short-lived session per operation.
    db_handle = db.get_db_session()
    outcome = self.vhc_dao.delete(db_handle, vehicle_id)
    db_handle.close()

    messagebox.showinfo(self.mb_title_bar, outcome)
def create(self, data):
    """
    Insert a new vehicle record and report the outcome in a messagebox.

    Parameters (apart from self):
        data: dictionary object containing vehicle data to be saved

    Return: None
    """
    print("Creating a vehicle ...")
    print(data)

    db_handle = db.get_db_session()
    # Per the original comment the DAO answers with a tuple,
    # e.g. ("vehicle added successfully", 1004).
    outcome = self.vhc_dao.create(db_handle, data)
    db_handle.close()

    # The whole result is shown as-is, using showinfo(title, message).
    messagebox.showinfo(self.mb_title_bar, outcome)
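def on_list_select(self, evt):
    """
    Load the vehicle picked in the listbox into the form fields.

    Bound to the listbox with
    ``self.lb_ids.bind('<<ListboxSelect>>', self.on_list_select)``.

    Parameters (apart from self):
        evt: event object; its ``widget`` attribute is the listbox

    Return: None
    """
    listbox = evt.widget
    selection = listbox.curselection()
    if not selection:
        # Nothing is selected, so there is no record to load. Indexing the
        # empty selection would raise IndexError.
        return
    index = int(selection[0])   # position of the clicked item, 0-based
    value = listbox.get(index)  # the clicked item, here the vehicle_id
    print(index)
    print(value)

    session = db.get_db_session()
    try:
        result = self.vhc_dao.find_by_id(session, value)
    finally:
        # Close the session even when the lookup raises.
        session.close()
    print("result", result)
    # Expected shape: {"vehicle": {"vehicle_id": "", "vehicle_make": "", ...}}
    vhc = result['vehicle']
    self.populate_fields(vhc)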
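def load(self):
    """
    Refresh the listbox with the vehicle ids stored in the database.

    The listbox is always cleared first. A result without a
    ``"vehicle_ids"`` entry leaves it empty.

    Parameters (apart from self): None

    Return: None
    """
    session = db.get_db_session()
    try:
        result = self.vhc_dao.find_ids(session)  # e.g. {"vehicle_ids": [1, 2, 3]}
    finally:
        # Close the session even when the lookup raises.
        session.close()
    print("result", result)

    # Fall back to an empty list so the loop below never reads an
    # unassigned name when the key is missing.
    list_ids = result['vehicle_ids'] if "vehicle_ids" in result else []

    # Clear any previous content before inserting the fresh ids.
    self.lb_ids.delete(0, tk.END)
    print("Setting vehicle_id in listbox ...")
    for x in list_ids:
        self.lb_ids.insert(tk.END, x)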
def get_user(id):
    """Return the user with primary key *id* as JSON, or a 404 response."""
    # NOTE(review): nothing in this function ties *id* to the authenticated
    # caller, and what to_dict() exposes is not visible here; confirm the
    # route is access-controlled and credential fields are omitted.
    session = get_db_session()
    try:
        record = session.query(User).filter_by(id=id).one()
        payload = json.dumps(record.to_dict())
    except NoResultFound:
        return Response("User does not exist", 404)
    return Response(payload, status=200, mimetype='application/json')
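def delete(self):
    """
    Delete the salesperson currently shown in the form from the database.

    The id comes from the ``self.salesperson_id`` variable. Whatever the
    data access object returns is shown to the user in a messagebox.

    Parameters (apart from self): None

    Return: None
    """
    print("Deleting a salesperson ...")
    sp_id = self.salesperson_id.get()
    # Print the id being deleted. The original printed the builtin `id`
    # function object here instead.
    print(sp_id)

    session = db.get_db_session()
    try:
        result = self.salesperson_dao.delete(session, sp_id)
    finally:
        # Close the session even when the delete raises.
        session.close()
    messagebox.showinfo(self.mb_title_bar, result)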
def register() -> str:
    """Render the registration form (GET) or create an account (POST).

    A POST validates the submitted form: each failed check appends a
    ``(text, category)`` pair to ``messages`` and no user is created. When
    every check passes, a ``User`` is built, added and committed. A POST
    always answers with JSON carrying ``status``, ``messages`` and ``url``.
    """
    if request.method != 'POST':
        return render_template(
            'user_register.html',
            current_user=flask_login.current_user
        )

    form = request.form
    status = ''
    messages = []
    url = ''
    try:
        if not form['name']:
            messages.append(('請輸入姓名', 'danger'))
        elif any(char.isdigit() for char in form['name']):
            messages.append(('姓名不可包含數字', 'danger'))
        if not form['username']:
            messages.append(('請輸入使用者帳號', 'danger'))
        if not form['password']:
            messages.append(('請輸入密碼', 'danger'))
        elif form['password'] != form['re_password']:
            messages.append(('密碼不符', 'danger'))
        if not validate_email(form['email']):
            messages.append(('email 格式不符', 'danger'))
        if not form['phone1'] or not form['phone2']:
            messages.append(('請輸入學校聯絡電話', 'danger'))
        all_digits = (form['phone1'] + form['phone2']
                      + form['phone3'] + form['cellphone'])
        if not all(ch.isdigit() for ch in all_digits):
            messages.append(('電話號碼不可包含非數字', 'danger'))
        if 'school' not in form or not form['school']:
            messages.append(('請選擇學校', 'danger'))

        # ValueError is the signal that at least one check failed.
        if messages:
            raise ValueError

        user = User(form['username'], form['email'])
        user.realname = form['name']
        user.password = hash_password(form['password'])
        user.work_phone = '%s.%s.%s' % (
            form['phone1'], form['phone2'], form['phone3'])
        user.cell_phone = form['cellphone']
        user.school_id = form['school']
        user.create_time = datetime.datetime.now()
        # NOTE(review): every self-registered account gets the 'teacher'
        # type; confirm an approval step exists elsewhere if that type
        # carries privileges.
        user.type = 'teacher'
    except ValueError:
        status = 'error'
    else:
        # NOTE(review): no check for an existing username is visible here;
        # presumably a database constraint handles it - verify.
        db_session = get_db_session()
        db_session.add(user)
        db_session.commit()
        status = 'ok'
        flash('註冊成功', 'success')
        url = url_for('user_mod.login')
    return jsonify(status=status, messages=messages, url=url)
def store_in_db(self) -> None:
    """Run the metadata pipeline against one database session and commit.

    Calls ``get_tv_metadata``, ``clean_data`` and ``parse_to_schema`` in that
    order, all with the same session.
    """
    with get_db_session() as session:
        channels, shows = self.get_tv_metadata(session)
        cleaned = self.clean_data(session, channels)
        self.parse_to_schema(session, shows, cleaned)
        session.commit()
        print('Successfully store data into database....')
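def delete_products(args, location="form"):
    """Bulk-delete the products whose ids are listed in ``args["ids"]``.

    Returns a 200 response when at least one row was deleted and a 404
    response when no product matched.
    """
    ids = args["ids"]
    s = get_db_session()
    # A bulk Query.delete() returns the number of matched rows and never
    # raises NoResultFound, so the former `except NoResultFound` branch could
    # not run and a request matching nothing still answered 200.
    deleted_rows = s.query(Product).filter(Product.id.in_(ids)).delete()
    s.commit()
    if not deleted_rows:
        return Response("Products do not exist", 404)
    return Response('Products deleted', 200)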
def get_transaction(id):
    """Return the transaction with primary key *id* as JSON, or a 404 response."""
    # NOTE(review): nothing in this function ties *id* to the authenticated
    # caller; confirm the route enforces ownership elsewhere.
    session = get_db_session()
    try:
        record = session.query(Transaction).filter_by(id=id).one()
        payload = json.dumps(record.to_dict())
    except NoResultFound:
        return Response("transaction does not exist", 404)
    return Response(payload, status=200, mimetype='application/json')
def delete_transaction(id):
    """Delete the transaction with primary key *id*; 404 when it does not exist."""
    # NOTE(review): nothing in this function ties *id* to the authenticated
    # caller; confirm the route enforces ownership elsewhere.
    session = get_db_session()
    try:
        doomed = session.query(Transaction).filter_by(id=id).one()
        session.delete(doomed)
        session.commit()
    except NoResultFound:
        return Response("transaction does not exist", 404)
    return Response('transaction deleted', 200)
def get_transactions_by_user(id):
    """Return every transaction whose ``user_id`` equals *id* as a JSON list."""
    # NOTE(review): nothing in this function ties *id* to the authenticated
    # caller; confirm the route enforces that elsewhere.
    session = get_db_session()
    try:
        matches = session.query(Transaction).filter_by(user_id=id)
        # Iterating the query runs it; no rows gives an empty list.
        payload = json.dumps([row.to_dict() for row in matches])
    except NoResultFound:
        # NOTE(review): iterating a query does not raise NoResultFound on an
        # empty result, so this branch looks unreachable unless to_dict()
        # raises it - confirm.
        return Response("transactions do not exist", 404)
    return Response(payload, status=200, mimetype='application/json')
def show_old_party(old_party_name):
    """Render the archived party named exactly *old_party_name*.

    Returns the rendered ``party.html`` page, or a 404 message when no party
    flagged ``is_old`` has that name.
    """
    archived = get_db_session().query(Orgy).filter(
        Orgy.name == old_party_name,
        Orgy.is_old == True,
    )
    party = archived.one_or_none()
    if party:
        return render_template('party.html', party=party)
    return 'Party not found! Make one <a href="//my.corgiorgy.com">here</a>!', 404
def create_product(args, location="form"):
    """Create a product from the parsed request arguments.

    Reads ``name``, ``description``, ``imageSrc`` and ``price`` from *args*,
    stores the new ``Product`` and answers 201.
    """
    new_product = Product(
        args["name"],
        args["description"],
        args["imageSrc"],
        args["price"],
    )
    session = get_db_session()
    session.add(new_product)
    session.commit()
    return Response('Product created', 201)
def update(self, data):
    """
    Update an existing customer record and report the outcome in a messagebox.

    Parameters (apart from self):
        data: dictionary of customer fields; ``data['customer_id']`` selects
              the record to update

    Return: None
    """
    print("Updating a customer ...")
    print(data)

    db_handle = db.get_db_session()
    outcome = self.customer_dao.update(db_handle, data['customer_id'], data)
    db_handle.close()

    messagebox.showinfo(self.mb_title_bar, outcome)
def store_data(self, movie_data):
    """Build one ProductSchema per movie dict and store them in a single commit."""
    with get_db_session() as db_session:
        product_data = []
        for data in movie_data:
            # NOTE(review): the first 10 characters of a UUID string hold
            # only 9 hex digits; confirm that is enough uniqueness for a
            # product id.
            short_id = str(uuid.uuid4())[:10]
            name_length = len(data.get('product_name'))
            score = data.get('movie_score')
            # Price is the truncated score times 10, or 0 without a score.
            price = int(float(score)) * 10 if score else 0
            product_data.append(
                ProductSchema(product_id=short_id,
                              store_pcs=name_length,
                              price=price,
                              **data)
            )
        product.add_all(db_session, product_data)
        db_session.commit()
def create_user(args, location="form"):
    """Create an account with the fixed role ``"user"`` from the parsed arguments.

    Reads ``username``, ``password``, ``email``, ``firstname`` and
    ``lastname`` from *args*, stores the new ``User`` and answers 201.
    """
    # NOTE(review): the password is handed to User() exactly as received;
    # confirm the model hashes it before it is stored.
    new_user = User(
        args["username"],
        args["password"],
        args["email"],
        args["firstname"],
        args["lastname"],
        "user",
    )
    session = get_db_session()
    session.add(new_user)
    session.commit()
    return Response('User created', 201)
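def get_fills(self, backwards_until, afters):
    """Ingest fills for every product listed in *afters*.

    Parameters:
        backwards_until: passed through to ``self._api.get_fills``
        afters: mapping of product id to the cursor passed as ``after``

    Every fill is handed to ``self.upsert_fill`` with one shared session. On
    any error the session is rolled back and the error propagates; the
    session is closed in all cases.
    """
    db_session = get_db_session()
    try:
        for product_id, after in afters.items():
            self._log.info('Ingesting fills for product "%s"' %(product_id))
            for fill in self._api.get_fills(product_id, backwards_until, after):
                self.upsert_fill(fill, db_session)
    except Exception:
        db_session.rollback()
        # A bare raise re-raises the active exception with its original
        # traceback; `raise e` discards that traceback on Python 2.
        raise
    finally:
        db_session.close()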
def create(self, data):
    """
    Insert a new customer record and report the outcome in a messagebox.

    Parameters (apart from self):
        data: customer data handed unchanged to the data access object

    Return: None
    """
    print("Creating an customer ...")
    print(data)

    db_handle = db.get_db_session()
    outcome = self.customer_dao.create(db_handle, data)
    db_handle.close()

    messagebox.showinfo(self.mb_title_bar, outcome)
def delete(self):
    """
    Remove the customer currently shown in the form from the database.

    The id comes from the ``self.customer_id`` variable. Whatever the data
    access object returns is shown to the user in a messagebox.

    Return: None
    """
    customer_id = self.customer_id.get()
    print(customer_id)

    db_handle = db.get_db_session()
    outcome = self.customer_dao.delete(db_handle, customer_id)
    db_handle.close()

    messagebox.showinfo(self.mb_title_bar, outcome)
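def add_transactions(self):
    """Upsert every row of the CSV file at ``self._filepath``.

    Rows are read with ``csv.DictReader`` and handed to
    ``self.upsert_transaction`` with one shared session. On any error the
    session is rolled back and the error propagates; the session is closed
    in all cases.
    """
    import csv

    db_session = get_db_session()
    try:
        with open(self._filepath, 'r') as csvfile:
            # The row index was never used, so iterate the reader directly.
            for row in csv.DictReader(csvfile):
                self.upsert_transaction(row, db_session)
    except Exception:
        db_session.rollback()
        # A bare raise re-raises the active exception with its original
        # traceback; `raise e` discards that traceback on Python 2.
        raise
    finally:
        db_session.close()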
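def load(self):
    """
    Refresh the listbox with the flight ids stored in the database.

    The listbox is always cleared first. A result without a
    ``"flight_ids"`` entry leaves it empty.

    Return: None
    """
    session = db.get_db_session()
    try:
        result = self.flt_dao.find_ids(session)  # e.g. {"flight_ids": [1, 2, 3]}
    finally:
        # Close the session even when the lookup raises.
        session.close()
    print("result", result)

    # Fall back to an empty list so the loop below never reads an
    # unassigned name when the key is missing.
    list_ids = result['flight_ids'] if "flight_ids" in result else []

    self.lb_ids.delete(0, tk.END)
    print("Setting flight_id in listbox ...")
    for x in list_ids:
        self.lb_ids.insert(tk.END, x)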
def get_single_visit_by_id(visit_id):
    """
    Return the visit identified by *visit_id* as JSON.

    :param visit_id: id of the visit to look up
    :return: JSON response built from ``get_visit_by_id_helper``; a 406
             response carrying ``ExceptionMessage.BAD_REQUEST`` when
             ``Invalid`` is raised
    """
    # A fresh id per call lets the log lines of one request be correlated.
    request_id = uuid.uuid4()
    try:
        # NOTE(review): visit_id is written to the log before any validation
        # is visible; confirm it cannot carry line breaks into the log.
        log.info("[{}] User visits requested for visit ID: {}".format(
            request_id, visit_id))
        visit = get_visit_by_id_helper(get_db_session(), request_id, visit_id)
        return jsonify(visit)
    except Invalid as e:
        log.warning(" Malformed input: {}".format(str(e)))
        return Response(ExceptionMessage.BAD_REQUEST, status=406)
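def show_party(party_subdomain):
    """Render the active party matching *party_subdomain*.

    When the request comes from the address recorded as the party's creator,
    the page also receives a ``delete_url`` carrying an HMAC-SHA1 delete
    token. Otherwise ``delete_url`` is ``None``.

    Returns the rendered ``party.html`` page, or a 404 message when no
    non-old party matches.
    """
    db_session = get_db_session()
    party = db_session.query(Orgy)\
                      .filter(Orgy.name.ilike(party_subdomain))\
                      .filter(Orgy.is_old == False)\
                      .one_or_none()
    if not party:
        return 'Party not found! Make one <a href="//my.corgiorgy.com">here</a>!', 404

    # Bound up front: delete_url was previously assigned on only some of the
    # branches below, so the render call could hit an unassigned name.
    delete_url = None
    if party.creator_ip:
        creator_ip = party.creator_ip.replace('/32', '')
        if creator_ip == request.remote_addr:
            # NOTE(review): the signed message is creator_ip + name with no
            # separator, and the token has no expiry. Any change to this
            # format must be mirrored wherever the token is verified.
            token_message = creator_ip + party.name
            delete_token = hmac.new(mycorgi_app.mycorgi_app.config['SECRET_DELETE_KEY'],
                                    token_message,
                                    hashlib.sha1).hexdigest()
            delete_url = '?name=' + party.name + '&delete_token=' + delete_token
    return render_template('party.html', party=party, delete_url=delete_url)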
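def check_name():
    """Report whether the posted party name is valid and still free.

    Returns one of the strings ``'InvalidName'``, ``'InUse'`` or
    ``'Success'``.
    """
    name = request.form.get('name')
    if not name:
        return 'InvalidName'
    # \Z anchors at the true end of the string. `$` also matches just before
    # a trailing newline, so a name ending in "\n" used to pass.
    if not re.search(r"^[a-zA-Z0-9\-]+\Z", name):
        return 'InvalidName'
    if not len(name) < 64:
        return 'InvalidName'

    # The pattern above admits no % or _, so ilike() acts here as a plain
    # case-insensitive equality test.
    db_session = get_db_session()
    existing_party = db_session.query(Orgy)\
                               .filter(Orgy.name.ilike(name))\
                               .filter(Orgy.is_old == False)\
                               .one_or_none()
    if existing_party:
        return 'InUse'
    return 'Success'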
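#coding: utf-8
import tornado.web
import os
from urls import handlers
from templates import get_template_lookup
from database import get_db_session

# Application settings passed to tornado.web.Application.
#
# SECURITY: the cookie-signing secret and the debug switch used to be fixed
# in source. Both can now be overridden from the environment. The previous
# values remain as fallbacks so existing deployments behave as before, but
# the fallback secret is public to anyone who can read this file and should
# be replaced for any real deployment. The variable names COOKIE_SECRET and
# APP_DEBUG are introduced by this file.
settings = {
    'template_lookup': get_template_lookup(),
    'template_path': os.path.join(os.path.dirname(__file__), 'template'),
    'static_path': os.path.join(os.path.dirname(__file__), 'static'),
    # Debug mode stays on unless APP_DEBUG is set to something other than '1'.
    'debug': os.environ.get('APP_DEBUG', '1') == '1',
    "login_url": "/auth/signin",
    'cookie_secret': os.environ.get('COOKIE_SECRET', 'Ku8JJ9hL9Shj='),
    "xsrf_cookies": True,
    # NOTE(review): whatever get_db_session() returns is created once at
    # import and shared through the settings; confirm that is safe for
    # concurrent requests.
    'dbsession': get_db_session()
}

application = tornado.web.Application(
    handlers,
    **settings
)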
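def create_party():
    """Validate the posted form and create a new party.

    Required form fields: ``name``, ``foreground``, ``background`` and
    ``direction``. Optional: ``youtube``. The caller's address is stored as
    the party's ``creator_ip``.

    Returns ``(new party URL, 201)`` on success, or ``(message, 400)`` for
    the first validation failure.
    """
    # Required fields
    name = request.form.get('name')
    foreground = request.form.get('foreground')
    background = request.form.get('background')
    direction = request.form.get('direction')

    # Optional fields
    youtube_url = request.form.get('youtube')
    creator_ip = request.remote_addr

    # All patterns below end in \Z rather than `$`. `$` also matches just
    # before a trailing newline, so a value ending in "\n" used to pass and
    # end up inside a stored URL or name.

    # Make sure foreground was included in POST
    if not foreground:
        return 'Missing foreground! Please upload a foreground image', 400
    # Validate foreground image id and construct imgur URL
    if re.search(r"^[a-zA-Z0-9]+\Z", foreground):
        foreground_url = "http://i.imgur.com/" + foreground + ".gif"
    else:
        return 'Foreground image invalid! Please retry upload', 400

    # Make sure background was included in POST
    if not background:
        return 'Missing background! Please upload a background image', 400
    # Validate background image id and construct imgur URL
    if re.search(r"^[a-zA-Z0-9]+\Z", background):
        background_url = "http://i.imgur.com/" + background + ".gif"
    else:
        return 'Background image invalid! Please retry upload', 400

    # Make sure direction was included in POST
    if not direction:
        return 'Missing direction! Hey wat r u doin?', 400
    # Validate direction input and construct ltr/rtl boolean
    if direction == 'right':
        is_left_to_right = True
    elif direction == 'left':
        is_left_to_right = False
    else:
        return 'Invalid direction! Hey wat r u doing?', 400

    # Validate youtube URL
    if youtube_url:
        youtube_match = re.search(YOUTUBE_REGEX, youtube_url)
        if youtube_match:
            youtube_id = youtube_match.group(6)
        else:
            return 'Invalid YouTube URL!', 400
    else:
        youtube_id = None

    # Make sure name was included in POST
    if not name:
        return 'Missing name! Please pick a name for your party', 400
    # Validate name
    elif not re.search(r"^[a-zA-Z0-9\-]+\Z", name):
        return 'Invalid name! Pick a different name', 400
    # Make sure name isn't too long to be a subdomain
    elif len(name) > 63:
        return 'Name too long! Pick a shorter name', 400
    # Forbid protected subdomains
    elif name.lower() in ['my', 'static', 'api', 'www']:
        return 'Forbidden name! Pick a different name', 400

    # Create DB session
    db_session = get_db_session()

    # Make sure name is not already taken
    # NOTE(review): this is a check-then-insert; presumably a unique
    # constraint backs it up against concurrent requests - verify.
    existing_orgy = db_session.query(Orgy)\
                              .filter(Orgy.name.ilike(name))\
                              .filter(Orgy.is_old == False)\
                              .one_or_none()
    if existing_orgy:
        return name + ' already exists! Pick a different name', 400

    # Instantiate new party and commit to DB
    new_orgy = Orgy(name=name,
                    is_old=False,
                    foreground_url=foreground_url,
                    background_url=background_url,
                    is_left_to_right=is_left_to_right,
                    youtube_id=youtube_id,
                    creator_ip=creator_ip)
    db_session.add(new_orgy)
    db_session.commit()

    # Return new party URL for client-side redirect target
    new_party_url = 'http://' + name.lower() + '.corgiorgy.com'
    print('%s party: %s' % (name, new_party_url))
    return new_party_url, 201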