def remove_item_from_shop(request):
if request.method == 'POST':
login = request.COOKIES.get('login_hash')
username = None
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is None:
return HttpResponse('fail')
item_id = request.POST.get('item_id')
item = ItemsLogic.get_item(item_id)
if item is False:
return HttpResponse('fail')
if not UsersLogic.is_owner_of_shop(username, item.shop_name):
if UsersLogic.is_manager_of_shop(username, item.shop_name):
manager = UsersLogic.get_manager(username, item.shop_name)
if manager.permission_remove_item is not 1: # no permission
return HttpResponse('no permission to remove item')
else:
return HttpResponse('fail') # not manager not owner
status = ItemsLogic.remove_item_from_shop(item_id, username)
if status is False:
return HttpResponse('fail')
return HttpResponse('success')
def setUp(self):
init_database('db.sqlite3')
register(RegisteredUser('YoniYoni', '1234567878'))
register(RegisteredUser('StoreManager1', '1234567878'))
shop = Shop('My Shop', 'Active')
ShopLogic.create_shop(shop, 'YoniYoni')
UsersLogic.add_manager('YoniYoni', StoreManager('StoreManager1', 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
def test_add_login(self):
UsersLogic.register(RegisteredUser("user1user1", "13245678"))
self.assertTrue(LoggerLogic.add_login_log("user1user1"))
logs = Logger.get_all_login_logs()
self.assertTrue(len(logs) == 1)
login_log = logs[0]
self.assertEqual(login_log.username, "user1user1")
def add_discount_page(request):
if request.method == 'GET':
shop_name = request.GET.get('shop_name')
login = request.COOKIES.get('login_hash')
guest = request.COOKIES.get('guest_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is None:
return HttpResponse(error_login_owner)
else:
return HttpResponse(error_login_owner)
if not UsersLogic.is_owner_of_shop(username, shop_name):
if UsersLogic.is_manager_of_shop(username, shop_name):
manager = UsersLogic.get_manager(username, shop_name)
if manager.discount_permission is not 1: # no permission
return HttpResponse('no permission to add discount')
else:
return HttpResponse('fail') # not manager not owner
every_html = {
'top_bar': Topbar_Navbar.get_top_bar(login),
'nav_bar': Topbar_Navbar.get_nav_bar(login, guest)
}
return render(request,
'shop_add_discount.html',
context={
'every_html': every_html,
'shop_name': shop_name
})
def edit_password(request):
if request.method == 'POST':
current_password = request.POST.get('current_password')
new_password = request.POST.get('new_password')
event = "EDIT PASSWORD"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
current_password, event)
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_password, event)
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if UsersLogic.login(RegisteredUser(username, current_password)):
return HttpResponse(
UsersLogic.edit_password(
RegisteredUser(username, new_password)))
return HttpResponse('FAILED: You are not logged in.')
def get_system_users(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
if UsersLogic.is_system_manager(username):
users_html = ""
users = UsersLogic.get_all_users()
for user in users:
shops_own = len(
UsersLogic.get_owned_shops(user.username))
shop_manage = len(
UsersLogic.get_managed_shops(user.username))
users_html += loader.render_to_string(
'components/user.html',
context={
'username': user.username,
'shop_own_count': shops_own,
'shop_manage_count': shop_manage,
})
context = {
'topbar': Topbar_Navbar.get_top_bar(login),
'navbar': Topbar_Navbar.get_nav_bar(login, None)
}
context.update({'users': users_html})
return render(request,
'system-users.html',
context=context)
return HttpResponse("You don't have the privilege to be here")
def get_account(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
if login is None:
login = request.GET.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
# html of a logged in user
system_hidden = "hidden"
if UsersLogic.is_system_manager(username):
system_hidden = ""
details = {'state': "AFG", 'age': "AFG", 'sex': "AFG"}
else:
details = UsersLogic.get_user_details(username)
context = {
'topbar': Topbar_Navbar.get_top_bar(login),
'navbar': Topbar_Navbar.get_nav_bar(login, None)
}
context.update({
'system_hidden': system_hidden,
'state': details.get('state'),
'age': details.get('age'),
'sex': details.get('sex')
})
return render(request,
'customer-account.html',
context=context)
return HttpResponse('You are not logged in!')
def test_add_manager(self):
ShopLogic.create_shop(SHOP, USERNAME)
UsersLogic.register(OTHER_USER)
manager = StoreManager(OTHER_USERNAME, SHOP_NAME, PERMISSIONS[0], PERMISSIONS[1],
PERMISSIONS[2], PERMISSIONS[3], PERMISSIONS[4], PERMISSIONS[5], PERMISSIONS[6],
PERMISSIONS[7])
is_added = UsersLogic.add_manager(USERNAME, manager)
self.assertTrue(is_added)
def test_modify_notifications(self):
ShopLogic.create_shop(SHOP, USERNAME)
UsersLogic.modify_notifications(USERNAME, 0, SHOP.name)
owner = Owners.get_owner(USERNAME, SHOP_NAME)
self.assertEqual(0, owner.should_notify)
UsersLogic.modify_notifications(USERNAME, 1, SHOP.name)
owner = Owners.get_owner(USERNAME, SHOP_NAME)
self.assertEqual(1, owner.should_notify)
def get_messages(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
content = request.GET.get('content')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
# html of a logged in user
messages_html = ""
if content == 'received':
if UsersLogic.is_system_manager(username):
messages = MessagingLogic.get_received_system_messages(
)
else:
messages = MessagingLogic.get_all_messages(username)
for message in messages:
messages_html += loader.render_to_string(
'components/Message.html',
context={
'id': message.message_id,
'from': message.from_username,
'to': message.to_username,
'content': message.content
})
received_on = "class=active"
sent_on = ""
elif content == 'sent':
if UsersLogic.is_system_manager(username):
messages = MessagingLogic.get_sent_system_messages()
else:
messages = MessagingLogic.get_all_sent_messages(
username)
for message in messages:
messages_html += loader.render_to_string(
'components/Message.html',
context={
'id': message.message_id,
'from': message.from_username,
'to': message.to_username,
'content': message.content
})
received_on = ""
sent_on = "class=active"
else:
return HttpResponse('You are not logged in!')
context = {
'topbar': Topbar_Navbar.get_top_bar(login),
'navbar': Topbar_Navbar.get_nav_bar(login, None)
}
context.update({
'messages': messages_html,
'received_on': received_on,
'sent_on': sent_on
})
return render(request, 'messages.html', context=context)
return HttpResponse('You are not logged in!')
def test_send_message_and_get_messages_of_users(self):
UsersLogic.register(RegisteredUser('TomerTomer', '1234567878'))
UsersLogic.register(RegisteredUser('ShaharShahar', '1234567878'))
MessagingLogic.send_message(Message(1, 'TomerTomer', 'ShaharShahar', 'Hello 1'))
MessagingLogic.send_message(Message(2, 'ShaharShahar', 'TomerTomer', 'Hello 2'))
messages1 = MessagingLogic.get_all_messages('TomerTomer')
messages2 = MessagingLogic.get_all_messages('ShaharShahar')
self.assertTrue(messages1[0].content == 'Hello 2')
self.assertTrue(messages2[0].content == 'Hello 1')
def test_torture1(self):
# Adding Users
status = UsersLogic.register(RegisteredUser('user1user1', 'asdas12da'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('user2user2', 'cse12fdsf'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('user3user3', '12312124'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('user4user4',
'1344321324'))
self.assertTrue(status)
status = UsersLogic.register(RegisteredUser('user5user5',
'1c24c143c1'))
self.assertTrue(status)
# Adding System Managers
status = UsersLogic.add_system_manager(
SystemManager('sys1sys1', 'POWER123'))
self.assertTrue(status)
status = UsersLogic.edit_password(
RegisteredUser('user5user5', '12312456'))
self.assertTrue(status)
user = RegisteredUsers.get_user('user5user5')
UsersLogic.remove_user('sys1sys1', user)
status = RegisteredUsers.get_user('user5user5')
self.assertFalse(status)
def edit_shop_item(request):
if request.method == 'POST':
login = request.COOKIES.get('login_hash')
username = None
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is None:
return HttpResponse('fail')
item_id = request.POST.get('item_id')
fields = ['quantity', 'category', 'keywords', 'price', 'url']
new_values = [
request.POST.get('item_quantity'),
request.POST.get('item_category'),
request.POST.get('item_keywords'),
request.POST.get('item_price'),
request.POST.get('item_url')
]
event = "EDIT ITEM"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_values[0], event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_values[1], event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_values[2], event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_values[3], event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
new_values[4], event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(MESSAGE_SQL_INJECTION)
item = ItemsLogic.get_item(item_id)
if item is False:
return HttpResponse('fail')
if not UsersLogic.is_owner_of_shop(username, item.shop_name):
if UsersLogic.is_manager_of_shop(username, item.shop_name):
manager = UsersLogic.get_manager(username, item.shop_name)
if manager.permission_edit_item is not 1: # no permission
return HttpResponse('no permission to edit item')
else:
return HttpResponse('fail') # not manager not owner
for i in range(0, len(fields)):
status = ItemsLogic.edit_shop_item(username, item_id, fields[i],
new_values[i])
if status is False:
return HttpResponse('fail')
return HttpResponse('success')
def test_add_invisible_discount_bad(self):
register(RegisteredUser('YoniYoni', '1234567878'))
register(RegisteredUser('StoreManager1', '1234567878'))
shop = Shop('My Shop', 'Active')
ShopLogic.create_shop(shop, 'YoniYoni')
UsersLogic.add_manager(
'YoniYoni',
StoreManager('StoreManager1', 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
None, 0, 0, 0)
ItemsLogic.add_item_to_shop(item1, 'StoreManager1')
invdisc = InvisibleDiscount('ABCDEFGHIJKLMNO', item1.id, shop.name, -1,
'2018-12-01', '2019-12-01')
self.assertFalse(add_invisible_discount(invdisc, 'YoniYoni'))
def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
register(RegisteredUser('TomerTomer1', '1234567878'))
shop1 = Shop('My Shop1', 'Active')
ShopLogic.create_shop(shop1, 'TomerTomer1')
register(RegisteredUser('TomerTomer2', '1234567878'))
shop2 = Shop('My Shop2', 'Active')
ShopLogic.create_shop(shop2, 'TomerTomer2')
UsersLogic.add_manager('TomerTomer1', StoreManager('TomerTomer2', 'My Shop1', 1, 1, 1, 1, 0, 1, 1, 1))
UsersLogic.add_manager('TomerTomer2', StoreManager('TomerTomer1', 'My Shop2', 1, 1, 1, 1, 0, 1, 1, 1))
MessagingLogic.send_message_from_shop('TomerTomer2', Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
MessagingLogic.send_message_from_shop('TomerTomer1', Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
messages1 = MessagingLogic.get_all_shop_messages('TomerTomer2', 'My Shop1')
messages2 = MessagingLogic.get_all_shop_messages('TomerTomer1', 'My Shop2')
self.assertFalse(messages1)
self.assertFalse(messages2)
def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
register(RegisteredUser('TomerTomer1', '1234567878'))
shop1 = Shop('My Shop1', 'Active')
ShopLogic.create_shop(shop1, 'TomerTomer1')
register(RegisteredUser('TomerTomer2', '1234567878'))
shop2 = Shop('My Shop2', 'Active')
ShopLogic.create_shop(shop2, 'TomerTomer2')
UsersLogic.add_manager('TomerTomer1', StoreManager('TomerTomer2', 'My Shop1', 1, 1, 1, 0, 1, 1, 1, 1))
UsersLogic.add_manager('TomerTomer2', StoreManager('TomerTomer1', 'My Shop2', 1, 1, 1, 0, 1, 1, 1, 1))
self.assertEqual(MessagingLogic.send_message_from_shop('TomerTomer2',
Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
, "FAILED: You don't have the permissions")
self.assertEqual(MessagingLogic.send_message_from_shop('TomerTomer1',
Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
, "FAILED: You don't have the permissions")
def get_system_shops(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
if UsersLogic.is_system_manager(username):
orders_html = ""
shops_html = ""
shops = ShopLogic.get_all_shops()
for shop in shops:
shops_html += loader.render_to_string(
'components/shop.html',
context={
'shop_name': shop.name,
'status': shop.status
})
context = {
'topbar': Topbar_Navbar.get_top_bar(login),
'navbar': Topbar_Navbar.get_nav_bar(login, None)
}
context.update({'shops': shops_html})
return render(request,
'system-shops.html',
context=context)
return HttpResponse("You don't have the privilege to be here")
def login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
event = "LOGIN"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
username, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
password, event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
user = RegisteredUser(username, password)
result = UsersLogic.login(user)
if result[:7] == 'SUCCESS':
access_token = hashlib.md5(username.encode()).hexdigest()
Consumer.loggedInUsers[access_token] = username
Consumer.loggedInUsersShoppingCart[
access_token] = ShoppingLogic.get_cart_items(username)
return HttpResponse(access_token)
else:
return HttpResponse(result)
def test_add_manager_bad_username(self):
manager = StoreManager(OTHER_USERNAME, SHOP_NAME, PERMISSIONS[0], PERMISSIONS[1],
PERMISSIONS[2], PERMISSIONS[3], PERMISSIONS[4], PERMISSIONS[5], PERMISSIONS[6], PERMISSIONS[7],)
manager = StoreManager(OTHER_USERNAME, SHOP_NAME, PERMISSIONS[0], PERMISSIONS[1],
PERMISSIONS[2], PERMISSIONS[3], PERMISSIONS[4], PERMISSIONS[5], PERMISSIONS[6], PERMISSIONS[7],)
is_added = UsersLogic.add_manager(USERNAME, manager)
self.assertNotEqual(is_added, 'SUCCESS')
def update_permissions(request):
if request.method == 'POST':
shop_name = request.POST.get('shop_name')
target_id = request.POST.get('target_id')
event = "UPDATE PERMISSIONS"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
shop_name, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
target_id, event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
store_manager = StoreManager(
target_id, shop_name, request.POST.get('add_item_permission'),
request.POST.get('remove_item_permission'),
request.POST.get('edit_item_permission'),
request.POST.get('reply_message_permission'),
request.POST.get('get_all_message_permission'),
request.POST.get('get_purchase_history_permission'),
request.POST.get('get_discount_permission'),
request.POST.get('set_policy_permission'))
if UsersLogic.update_permissions(username, store_manager):
return HttpResponse('success')
return HttpResponse('fail')
def get_system_log(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
if UsersLogic.is_system_manager(username):
logs_html = ""
log_items = LoggerLogic.get_all_event_logs()
for log_item in log_items:
logs_html += loader.render_to_string(
'components/log_table_event.html',
context={
'username': log_item.username,
'time': log_item.time,
'event': log_item.event
})
context = {
'topbar': Topbar_Navbar.get_top_bar(login),
'navbar': Topbar_Navbar.get_nav_bar(login, None)
}
return render(request,
'system-logger.html',
context=context)
return HttpResponse("You don't have the privilege to be here")
def add_manager(request):
if request.method == 'POST':
shop_name = request.POST.get('shop_name')
target_id = request.POST.get('target_id')
event = "ADD MANAGER"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
shop_name, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
target_id, event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
store_manager = StoreManager(
target_id, shop_name, request.POST.get('add_item_permission'),
request.POST.get('remove_item_permission'),
request.POST.get('edit_item_permission'),
request.POST.get('reply_message_permission'),
request.POST.get('get_all_message_permission'),
request.POST.get('get_purchase_history_permission'),
request.POST.get('get_discount_permission'),
request.POST.get('set_policy_permission'))
if username is not None:
return HttpResponse(
UsersLogic.add_manager(username, store_manager))
return HttpResponse('FAILED: You are not logged in')
def register(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
state = request.POST.get('state')
age = request.POST.get('age')
sex = request.POST.get('sex')
event = "REGISTER"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
username, event)
suspect_sql_injection = LoggerLogic.identify_sql_injection(
password, event)
suspect_sql_injection = LoggerLogic.identify_sql_injection(
state, event)
suspect_sql_injection = LoggerLogic.identify_sql_injection(age, event)
suspect_sql_injection = LoggerLogic.identify_sql_injection(sex, event)
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
return HttpResponse(
UsersLogic.register_with_user_detail(
RegisteredUser(username, password), state, age, sex))
def update_details(request):
if request.method == 'POST':
state = request.POST.get('state')
age = request.POST.get('age')
sex = request.POST.get('sex')
event = "UPDATE USER DETAILS"
suspect_sql_injection = False
suspect_sql_injection = LoggerLogic.identify_sql_injection(
state, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
age, event) or suspect_sql_injection
suspect_sql_injection = LoggerLogic.identify_sql_injection(
sex, event) or suspect_sql_injection
if suspect_sql_injection:
return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
return HttpResponse(
UsersLogic.update_details(username, state, age, sex))
return HttpResponse('FAILED: You are not logged in.')
def test_get_visible_discount_bad_item(self):
register(RegisteredUser('YoniYoni', '1234567878'))
register(RegisteredUser('StoreManager1', '1234567878'))
shop = Shop('My Shop', 'Active')
ShopLogic.create_shop(shop, 'YoniYoni')
UsersLogic.add_manager(
'YoniYoni',
StoreManager('StoreManager1', 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
None, 0, 0, 0)
item2 = Item(2, 'My Shop', 'milk1', 'diary1', 'good', 12, 100,
'regular', None, 0, 0, 0)
ItemsLogic.add_item_to_shop(item1, 'StoreManager1')
disc = VisibleDiscount(item1.id, shop.name, 50, '2018-12-01',
'2019-12-01')
self.assertTrue(add_visible_discount(disc, 'YoniYoni'))
self.assertFalse(get_visible_discount(item2.id, shop.name))
def re_open_shop(request):
if request.method == 'POST':
shop_name = request.POST.get('shop_name')
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if UsersLogic.re_open_shop(username, shop_name):
return HttpResponse('success')
return HttpResponse('fail')
def test_get_visible_discount(self):
register(RegisteredUser('YoniYoni', '1234567878'))
register(RegisteredUser('StoreManager1', '1234567878'))
shop = Shop('My Shop', 'Active')
ShopLogic.create_shop(shop, 'YoniYoni')
UsersLogic.add_manager(
'YoniYoni',
StoreManager('StoreManager1', 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
None, 0, 0, 0)
ItemsLogic.add_item_to_shop(item1, 'StoreManager1')
disc = VisibleDiscount(item1.id, shop.name, 50, '2018-12-01',
'2019-12-01')
self.assertTrue(add_visible_discount(disc, 'YoniYoni'))
getted = get_visible_discount(item1.id, shop.name)
self.assertEqual(getted.item_id, disc.item_id)
self.assertEqual(getted.shop_name, disc.shop_name)
self.assertEqual(getted.percentage, disc.percentage)
def login_gap(request):
if request.method == 'GET':
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is not None:
if UsersLogic.is_system_manager(username):
return HttpResponse(len(Consumer.loggedInUsers))
return HttpResponse("You don't have the privilege to be here")
def watch_purchase_history(request):
if request.method == 'GET':
shop_name = request.GET.get('shop_name')
login = request.COOKIES.get('login_hash')
guest = request.COOKIES.get('guest_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if username is None:
return HttpResponse(error_login_owner)
else:
return HttpResponse(error_login_owner)
if not UsersLogic.is_owner_of_shop(username, shop_name):
if UsersLogic.is_manager_of_shop(username, shop_name):
manager = UsersLogic.get_manager(username, shop_name)
if manager.permission_get_purchased_history is not 1: # no permission
return HttpResponse(
'no permission to watch purchase history')
else:
return HttpResponse('fail') # not manager not owner
every_html = {
'top_bar': Topbar_Navbar.get_top_bar(login),
'nav_bar': Topbar_Navbar.get_nav_bar(login, guest)
}
shop_items = ShopLogic.get_shop_purchase_history(username, shop_name)
string_items = ""
for item in shop_items:
string_items += loader.render_to_string(
'components/purchase_item_owner.html', {
'purchase_id': item.purchase_id,
'item_id': item.item_id,
'quantity': item.quantity,
'price': item.price
})
return render(request,
'shop_view_purchase_history.html',
context={
'every_html': every_html,
'items': string_items,
'shop_name': shop_name
})
return HttpResponse(not_get_request)
def modify_notifications(request):
if request.method == 'POST':
should_notify = request.POST.get('modify_notifications')
shop_name = request.POST.get('shop_name')
login = request.COOKIES.get('login_hash')
if login is not None:
username = Consumer.loggedInUsers.get(login)
if UsersLogic.modify_notifications(username, should_notify,
shop_name):
return HttpResponse('success')
return HttpResponse('fail')