Esempio n. 1
0
def edit():
    """Render the edit page of the room named by the ``room_id`` query parameter.

    ``room_id`` must be present and integer-like, and the current user must be
    an admin of that room; the ``is*Error`` helpers (defined elsewhere) are what
    reject a request failing those checks.
    """
    raw_room_id = request.args.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)

    # Both an explicit False and a None answer from isAdmin() are rejected.
    admin_status = current_user.isAdmin(room_id)
    isFalseError(admin_status)
    isNoneError(admin_status)

    # NOTE(review): when none of the user's rooms matches, this view returns
    # None (Flask reports that as an error) — same as the original.
    for membership in current_user.rooms:
        if membership.room.id != int(room_id):
            continue
        return render_template('room/edit.html', room=membership.room)
Esempio n. 2
0
def exit():
    """Leave the room given by the ``room_id`` form field, then go to the room index.

    The request is rejected (via the ``is*Error`` helpers) when ``room_id`` is
    missing or not an integer, when the user is not a member of the room, or
    when the user is an admin of it — an admin cannot simply leave.
    """
    raw_room_id = request.form.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)

    admin_status = current_user.isAdmin(room_id)
    isTrueError(admin_status)
    isNoneError(admin_status)

    wanted = int(room_id)
    matching = (m.room for m in current_user.rooms if m.room.id == wanted)
    for room in matching:
        room.exit(current_user.id)

    return redirect(url_for('room.index'))
Esempio n. 3
0
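def login_post():
    """Handle a submitted login form.

    An already-authenticated manager or admin is sent to their homepage without
    re-checking credentials. Otherwise the posted username/password pair is
    verified against the stored hash; every failed attempt increments the
    ``attempts`` counter in ``Logins``, and an account at 20 or more attempts
    is refused even with the right password.

    Returns:
        A redirect response. A verified user who is neither manager nor admin
        falls off the end and returns None — unchanged from the original.
    """
    if current_user is not None and current_user.is_authenticated:
        if current_user.isManager():
            return redirect(url_for("main.managerHomepage"))
        elif current_user.isAdmin():
            return redirect(url_for("main.adminHomepage"))

    username = request.form.get('username')
    password = request.form.get('password')
    remember = bool(request.form.get('remember'))

    user = User(username)

    # A request without a password field is a failed login, not a crash:
    # check_password_hash() raises when handed None. An unknown username is
    # represented by an empty stored hash and takes the same branch, so the
    # flash message does not reveal which usernames exist.
    if (password is None or user.password == ""
            or not check_password_hash(user.password, password)):
        db.db.Logins.update({"ID": user.id}, {"$inc": {"attempts": 1}})
        flash('Please check your login details and try again.')
        return redirect(url_for('auth.login'))

    # NOTE(review): the lockout is only applied after the password has been
    # verified, so the two distinct flash messages still disclose whether the
    # password was correct for a locked account. Checking the counter first
    # would close that; left as-is because the Logins record shape for unknown
    # users is not visible here.
    if db.db.Logins.find({"ID": user.id}).next()["attempts"] >= 20:
        flash("Too many login attempts, contact an administrator")
        return redirect(url_for('auth.login'))

    login_user(user, remember=remember)
    if user.isManager():
        return redirect(url_for('main.managerHomepage'))
    elif user.isAdmin():
        return redirect(url_for('main.adminHomepage'))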
Esempio n. 4
0
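def licenseGen():
    """License generator page: show the form and, on a valid POST, create the file.

    On submit the cleaned form data goes to ``CL.createLicense``, a
    ``LicenseRecords`` row is written, and the page is re-rendered with a link
    to the generated file. ``licenseFile`` is used as a (path, detail) pair.
    """
    g.isAdmin = current_user.isAdmin()
    forms = formsModel.createLicense_form()
    if not forms.validate_on_submit():
        return render_template('license_generator.html',
                               title='授权工具',
                               display_value='none',
                               forms=forms)

    formData = dict(forms.data)
    # Drop the WTForms bookkeeping fields; pop() tolerates their absence
    # where del raised KeyError.
    formData.pop('csrf_token', None)
    formData.pop('submit', None)

    # The request cookies are deliberately no longer logged: they carry the
    # session cookie, and an application log is no place for a bearer token.
    app.logger.info(
        '\nGet a license create requests:\n From: %s\n Agent: %s\n Forms: %s\n',
        request.remote_addr, request.user_agent, formData)

    licenseFile = CL.createLicense(formData)
    licenseLog = dbModel.LicenseRecords(username=current_user.username,
                                        from_ip=request.remote_addr,
                                        device_code=forms.device_code.data,
                                        license_path=licenseFile[0])
    db.session.add(licenseLog)
    db.session.commit()
    app.logger.info('\nLicense file Path: %s\nLicense Detail:\n%s',
                    licenseFile[0], licenseFile[1])

    # Only the file name is exposed to the template, not the full path.
    licenseFileName = licenseFile[0].split('/')[-1]
    return render_template('license_generator.html',
                           title='授权工具',
                           display_value='block',
                           licenseLink=licenseFileName,
                           forms=forms)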
Esempio n. 5
0
def admin_users_edit(user_id):
    """ Edit an existing user (admin only)

    :param int user_id: id of an existing user

    :status 200: edit page rendered; after a valid submit the user row is
                 updated and a flash is shown
    :status 400: user does not exist
    :status 403: not sufficient permission
    """
    if not current_user.isAdmin():
        abort(403)
    user = User.query.filter_by(id=user_id).first()
    if not user:
        abort(400)

    form = UserEditForm(obj=user)
    if not form.validate_on_submit():
        return render_template("users/admin/users-edit.html", form=form)

    form.populate_obj(user)
    db.session.commit()
    # role '2' gets its QR code regenerated after the edit
    if form.role.data == '2':
        generate_qr_code(user.getUsername(), form.username.data)
    flash('User information updated.')
    return render_template("users/admin/users-edit.html", form=form)
Esempio n. 6
0
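def add_member():
    """Admin page for pre-registering a member by work id and e-mail.

    On a valid submit the pair is stored in ``RegistLink`` unless the e-mail
    (compared lower-cased) or the work id already exists; the page is then
    re-rendered with ``result='added'``, or ``'success'`` after an insert.
    Non-admins get the ``admin_required`` message page.
    """
    if not current_user.isAdmin():
        return render_template('message.html', msg='admin_required')

    forms = formsModel.regist_link()
    if forms.validate_on_submit():
        work_id = forms.work_id.data
        email = forms.email.data.lower()
        # Existence test only: first() fetches one row instead of every match.
        query = dbModel.RegistLink.query
        already_present = (
            query.filter_by(email=email).first() is not None
            or query.filter_by(work_id=work_id).first() is not None
        )
        if already_present:
            result = 'added'
        else:
            db.session.add(dbModel.RegistLink(work_id=work_id, email=email))
            db.session.commit()
            result = 'success'
        return render_template('add_member.html',
                               userLists=dbModel.RegistLink.query.all(),
                               form=forms,
                               result=result,
                               work_id=work_id,
                               email=email)

    return render_template('add_member.html',
                           userLists=dbModel.RegistLink.query.all(),
                           form=forms)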
Esempio n. 7
0
def gift():
    """Toggle the current user as gifter of an item in one of their rooms.

    Form fields ``room_id`` and ``item_id`` are required integers; the user
    must be a member of the room and must not own the item. An item with no
    gifter gets the current user; if the current user already is the gifter
    the claim is released; a claim held by someone else yields 403.
    """
    raw_room = request.form.get('room_id')
    raw_item = request.form.get('item_id')
    isNoneError(raw_room)
    isNoneError(raw_item)

    room_id = isNotIntegerError(raw_room)
    item_id = isNotIntegerError(raw_item)

    isNoneError(current_user.isAdmin(room_id))      # member of the room
    isTrueError(current_user.ownItem(room_id, item_id))  # not the owner

    item = Item.query.get(item_id)
    if not item:
        return redirect(url_for('item.list_', room_id=room_id))

    if item.gid is None:
        item.gid = current_user.id      # become the gifter
    elif item.gid == current_user.id:
        item.gid = None                 # release the claim
    else:
        abort(403)                      # someone else holds it

    commit()
    return redirect(url_for('item.list_', room_id=room_id))
Esempio n. 8
0
 def decorated_function(*args, **kwargs):
     """Run the wrapped view ``f`` only for administrators; others get a 403 page."""
     if current_user.isAdmin():
         return f(*args, **kwargs)
     forbidden_page = render_template(
         '403.html',
         message='You must be an administrator to access this page.',
         menu='home')
     return forbidden_page, 403
Esempio n. 9
0
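def admin_users_delete():
    """ Delete the user whose id is posted as ``user_id``; admin only.

    For an engineer the QR code image ``<username>.png`` inside
    ``QR_UPLOAD_FOLDER_URL`` is removed first.

    :status 200: user deleted
    :status 403: not sufficient permission
    :status 404: user does not exist
    """
    if not current_user.isAdmin():
        # abort() raises; the original's trailing ", 503" was dead code.
        abort(403)
    user = User.query.filter_by(id=request.form['user_id']).first()
    if not user:
        abort(404)

    if user.getRole() == 'engineer':
        folder = os.path.realpath(QR_UPLOAD_FOLDER_URL)
        qr_path = os.path.realpath(
            os.path.join(QR_UPLOAD_FOLDER_URL, user.getUsername() + '.png'))
        # Only unlink a file that really sits in the QR folder: a username
        # containing a path separator or '..' must not reach another location.
        if os.path.dirname(qr_path) == folder and os.path.exists(qr_path):
            os.remove(qr_path)

    db.session.delete(user)
    db.session.commit()
    return '', 200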
Esempio n. 10
0
def admin_cars_create():
    """ Create a car record in the database (admin only)

        :reqheader Accept: application/json
        :param string make: car brand
        :param string color: car color
        :param string body_type: car body type
        :param int seats: number of seats
        :param int cost_per_hour: cost per hour

        :status 200: creation form rendered; after a successful insert the
                     client is redirected back to this form
        :status 403: not sufficient permission
    """
    if not current_user.isAdmin():
        abort(403)
    form = CarForm(request.form)
    if not form.validate_on_submit():
        return render_template("users/admin/cars-create.html", form=form)

    fields = ('make', 'color', 'body_type', 'seats', 'cost_per_hour')
    car = Car(**{name: getattr(form, name).data for name in fields})
    db.session.add(car)
    db.session.commit()
    flash('Car added.')
    return redirect(url_for('users.admin_cars_create'))
Esempio n. 11
0
def admin_bookings():
    """ Render the booking list (newest id first) for an admin; others get 403
    """
    if not current_user.isAdmin():
        abort(403)
    newest_first = Booking.query.order_by(desc(Booking.id))
    return render_template("users/admin/bookings.html",
                           bookings=newest_first.all())
Esempio n. 12
0
def admin_cars():
    """ Render the car list (newest id first) for an admin; others get 403
    """
    if not current_user.isAdmin():
        abort(403)
    newest_first = Car.query.order_by(desc(Car.id))
    return render_template("users/admin/cars.html", cars=newest_first.all())
Esempio n. 13
0
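def login_page():
    """Show the login page, or send an already-authenticated admin/manager home.

    Uses ``is not None`` rather than ``!= None`` for the identity test.
    """
    if current_user is not None and current_user.is_authenticated:
        if current_user.isAdmin():
            return redirect(url_for("main.adminHomepage"))
        elif current_user.isManager():
            return redirect(url_for("main.managerHomepage"))
    return render_template("loginPage.html")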
Esempio n. 14
0
def admin_users():
    """ Render the user management page (newest id first) for an admin; others get 403
    """
    if not current_user.isAdmin():
        abort(403)
    newest_first = User.query.order_by(desc(User.id))
    return render_template("users/admin/users.html", users=newest_first.all())
Esempio n. 15
0
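def edit_addpsw():
    """Set or change the secret of a room the current user owns.

    Form fields: ``password`` (the user's own password, re-entered),
    ``current_secret`` (required only when the room already has a secret),
    ``new_secret``, ``confirm_secret`` and the integer ``room_id``. Every
    validation failure flashes the same ``#2`` message and returns to the
    room edit page; on success the new secret is stored hashed.
    """
    password = request.form.get('password')
    secret = request.form.get('current_secret')
    new_secret = request.form.get('new_secret')
    confirm_secret = request.form.get('confirm_secret')

    isNoneError(request.form.get('room_id'))
    room_id = isNotIntegerError(request.form.get('room_id'))

    isFalseError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))

    def _reject():
        flash('#2The information provided is incorrect.')
        return redirect(url_for('room.edit', room_id=room_id))

    if not new_secret or not confirm_secret:
        return _reject()

    # A missing password field must not reach check_password_hash() as None.
    if password is None or not check_password_hash(current_user.password, password):
        return _reject()

    # Both new-secret fields are user input, so a plain comparison is enough;
    # the original hashed each one only to verify it against the other, which
    # spent two key-derivation rounds per request for no security gain.
    if new_secret != confirm_secret:
        return _reject()

    roomQuery = Room.query.join(Association)\
        .filter(Association.room_id==room_id)\
        .filter(Association.user_id==current_user.id)\
        .filter(Association.role_id==0).first()
    # Guard the lookup the way edit_name does instead of raising
    # AttributeError on a None result.
    isNoneError(roomQuery)

    if roomQuery.secret:
        if not secret or not check_password_hash(roomQuery.secret, secret):
            return _reject()

    roomQuery.secret = generate_password_hash(new_secret)
    commit()

    return redirect(url_for('room.index'))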
Esempio n. 16
0
def admin_cars_delete():
    """Delete the car whose id is posted as ``car_id``; admin only.

    Returns ``('', 200)`` on success, a 404 text for an unknown car and a
    503 text for a non-admin (the project's convention; 403 would be the
    usual code for an authorization failure).
    """
    if not current_user.isAdmin():
        return "503 Not sufficent permission", 503
    car = Car.query.filter_by(id=request.form['car_id']).first()
    if not car:
        return 'car not exist.', 404
    db.session.delete(car)
    db.session.commit()
    return '', 200
Esempio n. 17
0
def askPlayerInfo():
    """Return JSON with a player's id and username plus whether the caller is admin.

    The player is looked up by the ``id`` form field, which must parse as an
    integer.
    """
    player_id = int(request.form["id"])   # local renamed: 'id' shadowed the builtin
    player = Joueur.query.get(player_id)
    # NOTE(review): a lookup yielding None raises AttributeError below, and no
    # per-player authorization check is made here — confirm that is intended.
    payload = {
        "id": player.getId(),
        "pseudo": player.getUsername(),
        "admin": current_user.isAdmin(),
    }
    return json.dumps(payload)
Esempio n. 18
0
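def create():
    """Item creation: GET renders the form for a room, POST stores the item.

    Both branches take an integer ``room_id`` (query string on GET, form on
    POST) and require the current user to be a member of that room. On POST
    the name, price and quantity are validated; a failure flashes a message
    and returns to this form.
    """
    if request.method == 'GET':
        isNoneError(request.args.get('room_id'))
        room_id = isNotIntegerError(request.args.get('room_id'))
        isNoneError(current_user.isAdmin(room_id))

        # Indexing [0] on an empty match raised IndexError (a 500); reject a
        # room the user is not in through the project's usual None check.
        room = next((assoc.room for assoc in current_user.rooms
                     if assoc.room.id == room_id), None)
        isNoneError(room)
        return render_template('item/create.html', room=room)

    name = request.form.get('name')
    quantity = request.form.get('quantity')
    price = request.form.get('price')
    url = request.form.get('url')

    isNoneError(request.form.get('room_id'))
    room_id = isNotIntegerError(request.form.get('room_id'))
    isNoneError(current_user.isAdmin(room_id))

    code, msgError = check_item_name(name)
    if code != 0:
        flash(msgError)
        return redirect(url_for('item.create', room_id=room_id))

    if not checkNumberInput(price) or not checkNumberInput(quantity):
        flash('A positive number is required for a quantity and a price.')
        return redirect(url_for('item.create', room_id=room_id))

    # NOTE(review): url is stored exactly as submitted; whether the listing
    # template restricts it (e.g. to http/https) is not visible here.
    item = Item(
        name=name,
        price=price,
        quantity=quantity,
        url=url,
        rid=room_id,
        uid=current_user.id,
        gid=None,
    )
    addObj(item)

    return redirect(url_for('item.list_', room_id=room_id))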
Esempio n. 19
0
def login_redirect():
    """ Redirect to the page matching the user's role

    Engineer, manager and admin are tested in that order; anyone else goes
    to the plain home page.
    """
    routing = (
        (current_user.isEngineer, 'users.engineer_reports'),
        (current_user.isManager, 'users.dashboard'),
        (current_user.isAdmin, 'users.admin_pages'),
    )
    for has_role, endpoint in routing:
        if has_role():
            return redirect(url_for(endpoint))
    return redirect(url_for('users.home'))
Esempio n. 20
0
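def edit_name():
    """Rename a room the current user owns.

    Form fields: ``name``, the integer ``room_id`` and — only when the room
    has a secret — ``current_secret`` plus ``confirm_secret``, which must
    match each other and the stored hash. Failures flash a ``#1``-prefixed
    message and return to the room edit page. The stored name is suffixed
    with ``#<user id>``.
    """
    name = request.form.get('name')
    secret = request.form.get('current_secret')
    confirm_secret = request.form.get('confirm_secret')

    isNoneError(request.form.get('room_id'))
    room_id = isNotIntegerError(request.form.get('room_id'))

    isFalseError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))

    roomQuery = Room.query.join(Association)\
        .filter(Association.room_id==room_id)\
        .filter(Association.user_id==current_user.id)\
        .filter(Association.role_id==0).first()

    isNoneError(roomQuery)

    def _reject(message):
        flash('#1' + message)
        return redirect(url_for('room.edit', room_id=room_id))

    code, msgError = check_room_name(name)
    if code != 0:
        return _reject(msgError)

    if roomQuery.secret:
        if not secret or not confirm_secret:
            return _reject('The information provided is incorrect.')
        # Both fields are user input; a plain comparison replaces the original
        # hash-then-verify round trip, which only cost two key derivations.
        if secret != confirm_secret:
            return _reject('The information provided is incorrect.')
        if not check_password_hash(roomQuery.secret, secret):
            return _reject('The information provided is incorrect.')

    roomQuery.name = name + "#" + str(current_user.id)
    commit()

    return redirect(url_for('room.index'))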
Esempio n. 21
0
def list_():
    """List the items of the room given by the ``room_id`` query parameter.

    ``room_id`` must be present and integer-like and the user must be a member
    of the room. If none of the user's rooms matches, the generic room page is
    rendered instead.
    """
    raw_room_id = request.args.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)

    isNoneError(current_user.isAdmin(room_id))

    wanted = int(room_id)
    for membership in current_user.rooms:
        if membership.room.id == wanted:
            return render_template('item/list.html', room=membership.room)
    return render_template('room.html', user=current_user)
Esempio n. 22
0
def delete_user(user):
    """Remove the ``RegistLink`` row for work id ``user`` and, if it was
    registered, the matching ``User`` account; admin only.

    Non-admins get the ``admin_required`` message page.
    """
    if not current_user.isAdmin():
        return render_template('message.html', msg='admin_required')

    # NOTE(review): an unknown work id makes filter_by(...).first() return
    # None and the attribute access below raise — confirm that is acceptable.
    link = dbModel.RegistLink.query.filter_by(work_id=user).first()
    if link.regist_if:
        account = dbModel.User.query.filter_by(email=link.email).first()
        db.session.delete(account)
    db.session.delete(link)
    db.session.commit()
    return redirect(url_for('add_member'))
Esempio n. 23
0
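def admin_cars_edit(car_id):
    """Edit an existing car; admin only.

    Renders the edit page, re-rendered with a flash after a valid submit.
    Permission and lookup failures now carry the HTTP status their message
    names instead of being sent as 200 OK (the original returned a bare
    string, so clients could not tell an error from success).
    """
    if not current_user.isAdmin():
        # 503 is what the message states and what the sibling delete view
        # returns; 403 would be the conventional code for this failure.
        return "503 Not sufficent permission", 503
    car = Car.query.filter_by(id=car_id).first()
    if not car:
        return "400 car not exists", 400
    form = CarForm(obj=car)
    if form.validate_on_submit():
        form.populate_obj(car)
        db.session.commit()
        flash('Car information updated.')
    return render_template("users/admin/cars-edit.html", form=form)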
Esempio n. 24
0
def faculty():
    """List all professors; ``auth`` is True only for an authenticated admin."""
    professors = db.session.query(Professor).all()
    # isAdmin() is only consulted for an authenticated user, as before.
    is_admin = bool(current_user.is_authenticated and current_user.isAdmin())
    return render_template('professor/list.html',
                           professors=professors,
                           auth=is_admin,
                           pageNum=5)
Esempio n. 25
0
def kick():
    """Remove another member from a room the current user administers.

    Form fields ``room_id`` and ``user_id`` are required integers. The current
    user must be an admin of the room; the target must be a member of it who
    is not an admin. Afterwards the caller is sent to the room's item list.
    """
    raw_room = request.form.get('room_id')
    raw_user = request.form.get('user_id')
    isNoneError(raw_room)
    isNoneError(raw_user)

    room_id = isNotIntegerError(raw_room)
    user_id = isNotIntegerError(raw_user)

    caller_status = current_user.isAdmin(room_id)
    isNoneError(caller_status)
    isFalseError(caller_status)

    # NOTE(review): getUserByID() returning None would raise on the next line.
    user_to_kick = current_user.getUserByID(user_id)
    target_status = user_to_kick.isAdmin(room_id)
    isNoneError(target_status)
    isTrueError(target_status)

    wanted = int(room_id)
    for membership in current_user.rooms:
        if membership.room.id == wanted:
            membership.room.exit(user_id)

    return redirect(url_for('item.list_', room_id=room_id))
Esempio n. 26
0
def delete():
    """Delete an item the current user owns in one of their rooms.

    Form fields ``room_id`` and ``item_id`` are required integers; the user
    must be a member of the room and the owner of the item. A missing item is
    silently ignored and the caller is sent back to the room's item list.
    """
    raw_room = request.form.get('room_id')
    raw_item = request.form.get('item_id')
    isNoneError(raw_room)
    isNoneError(raw_item)

    room_id = isNotIntegerError(raw_room)
    item_id = isNotIntegerError(raw_item)

    isNoneError(current_user.isAdmin(room_id))            # member of the room
    isFalseError(current_user.ownItem(room_id, item_id))  # owner of the item

    item = Item.query.get(item_id)
    if item:
        deleteObj(item)

    return redirect(url_for('item.list_', room_id=room_id))
Esempio n. 27
0
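def admin_cars_create():
    """Create a car record from the posted form; admin only.

    After a successful insert the client is redirected back to this form;
    otherwise the creation page is rendered. The permission failure now
    carries the HTTP status its message names instead of 200 OK.
    """
    if not current_user.isAdmin():
        # 503 is what the message states and what the sibling delete view
        # returns; 403 would be the conventional code for this failure.
        return "503 Not sufficent permission", 503
    form = CarForm(request.form)
    if form.validate_on_submit():
        car = Car(make=form.make.data,
                  color=form.color.data,
                  body_type=form.body_type.data,
                  seats=form.seats.data,
                  cost_per_hour=form.cost_per_hour.data)
        db.session.add(car)
        db.session.commit()
        flash('Car added.')
        return redirect(url_for('users.admin_cars_create'))
    return render_template("users/admin/cars-create.html", form=form)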
Esempio n. 28
0
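def admin_users_edit(user_id):
    """Edit an existing user; admin only.

    Renders the edit page, re-rendered with a flash after a valid submit;
    role '2' gets its QR code regenerated. Permission and lookup failures now
    carry the HTTP status their message names instead of 200 OK.
    """
    if not current_user.isAdmin():
        # 503 is what the message states and what the sibling delete view
        # returns; 403 would be the conventional code for this failure.
        return "503 Not sufficent permission", 503
    user = User.query.filter_by(id=user_id).first()
    if not user:
        return "400 user not exists", 400
    form = UserEditForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        db.session.commit()

        # generate new QR code
        if form.role.data == '2':
            generate_qr_code(user.getUsername(), form.username.data)

        flash('User information updated.')
    return render_template("users/admin/users-edit.html", form=form)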
Esempio n. 29
0
def dashboard():
    """ Render the dashboard charts for an admin or manager; others get 403
    """
    if not current_user.isAdmin() and not current_user.isManager():
        abort(403)

    # Each chart helper yields a mapping with 'labels' and 'values'.
    charts = {
        'line': get_line_chart_data(),
        'pie': get_pie_chart_data(),
        'bar': get_bar_chart_data(),
    }
    context = {}
    for kind, data in charts.items():
        context[f'{kind}_chart_labels'] = data['labels']
        context[f'{kind}_chart_values'] = data['values']

    return render_template("users/dashboard.html", **context)
Esempio n. 30
0
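def admin_users_delete():
    """Delete the user whose id is posted as ``user_id``; admin only.

    For an engineer the QR code image ``<username>.png`` inside
    ``QR_UPLOAD_FOLDER_URL`` is removed first. Returns ``('', 200)`` on
    success, a 404 text for an unknown user and a 503 text for a non-admin
    (the project's convention; 403 would be the usual code).
    """
    if not current_user.isAdmin():
        return "503 Not sufficent permission", 503
    user = User.query.filter_by(id=request.form['user_id']).first()
    if not user:
        return 'user not exist.', 404

    if user.getRole() == 'engineer':
        folder = os.path.realpath(QR_UPLOAD_FOLDER_URL)
        qr_path = os.path.realpath(
            os.path.join(QR_UPLOAD_FOLDER_URL, user.getUsername() + '.png'))
        # Only unlink a file that really sits in the QR folder: a username
        # containing a path separator or '..' must not reach another location.
        if os.path.dirname(qr_path) == folder and os.path.exists(qr_path):
            os.remove(qr_path)

    db.session.delete(user)
    db.session.commit()
    return '', 200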