def delete(request):
"""
delete view. Allow user to delete its account. Password/openid are required to
confirm it. He should also check the confirm checkbox.
url : /delete
template : authopenid/delete.html
"""
extension_args = {}
user_ = request.user
redirect_to = get_url_host(request) + reverse('user_delete')
if request.POST:
form = DeleteForm(request.POST, user=user_)
if form.is_valid():
if not form.test_openid:
user_.delete()
return signout(request)
else:
return ask_openid(request, form.cleaned_data['password'],
redirect_to, on_failure=deleteopenid_failure)
elif not request.POST and 'openid.mode' in request.GET:
return complete(request, deleteopenid_success, deleteopenid_failure,
redirect_to)
form = DeleteForm(user=user_)
msg = request.GET.get('msg','')
return render('authopenid/delete.html', {
'form': form,
'msg': msg,
}, context_instance=RequestContext(request))
def article_delete(article):
if not article.file:
return article_not_found(article, error="This page cannot be deleted because it does not exist.")
form = DeleteForm(request.form)
if request.method == "POST" and form.validate():
article.delete(form.summary.data)
flash("The page {} has been deleted".format(article.title))
return render_template("article/delete_complete.html", article=article)
return render_template("article/delete.html", article=article, form=form)
def deletePage():
if not config.adminLoggedIn:
return redirect(url_for('.loginPage'))
form = DeleteForm()
errorCode = None
if form.validate_on_submit():
errorCode = deleteRecord()
return render_template('delete.html', deleteForm=form, errorCode=errorCode)
def delete():
user = g.user
form = DeleteForm()
if form.validate_on_submit():
post_to_delete = models.Post.query.filter_by(id=form.postID.data).first()
db.session.delete(post_to_delete)
db.session.commit()
return redirect(url_for('index'))
return render_template('delete.html', user=user, form=form)
def category_delete(category_name):
"""Delete Category will all items in it"""
if 'username' not in login_session:
return redirect(url_for('login'))
category = Category.query.filter(Category.name == category_name).first()
if category.author_id != login_session['user_id']:
return render_template('401.html', name='category')
delete_form = DeleteForm()
if delete_form.validate_on_submit():
db_session.delete(category)
db_session.commit()
return redirect(url_for('index'))
flash_errors(delete_form)
return redirect(url_for('category_edit',
category_name=category_name))
def delete_books():
form = DeleteForm()
bk = Book.query.with_entities(Book.id,Book.title).all()
#if form.validate_on_submit():
if form.request=='POST' and form.validate():
for item in request.form.getlist('delete'):
a = Book.query.get(item)
if a.authors:
for author in a.authors:
a.remove_author(author)
db.session.commit()
if os.path.exists('app/static/covers/' + str(a.id)):
os.remove('app/static/covers/' + str(a.id))
db.session.delete(a)
db.session.commit()
return redirect('/admin')
return render_template("delete_books.html", title = 'Eliminer un ou des livres de la bibliotheque', sitename = 'Ma Bibliotheque',listing = bk, form = form)
def remove_data_from_collection(request, database_name=settings.MONGO_DB_NAME,
collection_name=settings.MONGO_MASTER_COLLECTION):
name = _("Delete select information from a MongoDB Collection based on a query")
if request.method == 'POST':
form = DeleteForm(request.POST)
if form.is_valid():
query = form.cleaned_data['query']
just_one = form.cleaned_data['just_one']
#run the delete
results = mongo_delete_json_util(query, database_name=database_name,
collection_name=collection_name,
just_one=just_one)
#convert to json and respond.
results_json = json.dumps(results, indent =4)
return HttpResponse(results_json, status=int(results['code']),
mimetype="application/json")
else:
#The form is invalid
messages.error(request,_("Please correct the errors in the form."))
return render_to_response('generic/bootstrapform.html',
{'form': form,
'name':name,
},
RequestContext(request))
#this is a GET
if not database_name or collection_name:
idata ={'database_name': settings.MONGO_DB_NAME,
'collection_name': settings.MONGO_MASTER_COLLECTION,
}
else:
idata ={'database_name': database_name,
'collection_name': collection_name,
}
context= {'name':name,
'form': DeleteForm(initial=idata)
}
return render_to_response('generic/bootstrapform.html',
RequestContext(request, context,))
def delete_authors():
form = DeleteForm()
auts = Author.query.all()
if form.request=='POST' and form.validate():
for item in request.form.getlist('delete'):
a = Author.query.get(item)
if a.books:
for book in a.books:
a.remove_book(book)
db.session.commit()
if os.path.exists('app/static/photos/' + str(a.id)):
os.remove('app/static/photos/' + str(a.id))
db.session.delete(a)
db.session.commit()
return redirect('/admin')
return render_template("delete_authors.html",
title = 'Eliminer un ou des auteurs de la bibliotheque',
sitename = 'Ma Bibliotheque',listing = auts, form = form)
def deleteResume(code):
'''
Delete a resume from the user's resume dashboard.
'''
if 'username' not in login_session:
return redirect(url_for('welcome'))
deletedResume = session.query(Resume).filter_by(code = code).one()
form = DeleteForm()
if deletedResume.user_id != login_session['user_id']:
return "<script>function myFunction() {alert('You are not authorized to delete this resume. Please create your own course in order to edit.');}</script><body onload='myFunction()''>"
if form.validate_on_submit():
session.delete(deletedResume)
session.commit()
flash('Successfully Deleted Resume')
return redirect(url_for('fullResumeList'))
else:
return render_template('deleteResume.html', resume=deletedResume, form = form)
def profile():
notes = db.session.query(Note).filter(Note.owner == current_user.username).first()
delete_form = DeleteForm()
table_rows = []
if notes and notes.data is not None:
items = notes.data
for key in items:
table_rows.append(dict(title=key, description = items[key]))
table = ItemTable(table_rows)
return render_template('profile.html', note_table = table, delete_form = delete_form)
def show_user(username):
"""Show information on user"""
if "username" not in session or username != session['username']:
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
return render_template("show_user.html", user=user, form=form)
def item_delete(category_name, item_name):
"""Delete item from DB"""
if 'username' not in login_session:
return redirect(url_for('login'))
item = Item.query.\
filter(Item.name == item_name).\
filter(Item.category.has(name=category_name)).\
first()
if item.author_id != login_session['user_id']:
return render_template('401.html', name='item')
delete_form = DeleteForm()
if delete_form.validate_on_submit():
db_session.delete(item)
db_session.commit()
return redirect(url_for('index'))
flash_errors(delete_form)
return redirect(url_for('item_edit',
category_name=category_name,
item_name=item_name))
def show_user(username):
"""Example page for logged-in-users."""
if "username" not in session or username != session['username']:
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
return render_template("users/show.html", user=user, form=form)
def show_secret_page(username):
"""show logged in user, their user info"""
if 'username' in session:
user = User.query.get(username)
form = DeleteForm()
return render_template('show_user.html', user=user, form=form)
else:
raise Unauthorized()
def deleteCourse(course_id):
'''
Delete a course from the user's course dashboard.
'''
if 'username' not in login_session:
return redirect(url_for('welcome'))
deletedCourse = session.query(Course).filter_by(id = course_id).one()
form = DeleteForm()
if deletedCourse.user_id != login_session['user_id']:
return "<script>function myFunction() {alert('You are not authorized to edit this course. Please create your own course in order to edit.');}</script><body onload='myFunction()''>"
if form.validate_on_submit():
if deletedCourse.image != None:
os.remove(deletedCourse.image)
session.delete(deletedCourse)
flash('%s Successfully Deleted' % deletedCourse.title)
session.commit()
return redirect(url_for('fullCourseList'))
else:
return render_template('deleteCourse.html', course=deletedCourse, form = form)
def show_user(username):
"""user detail page"""
if "username" not in session or username != session["username"]:
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
return render_template('users/show.html', user=user, form=form)
def display_user_info(username):
""" show user detail if correct user logged in
else redirect to homepage
"""
if session.get("username") != username:
return redirect("/login")
form = DeleteForm()
user = User.query.get(username)
return render_template("user_info.html", user=user, form=form)
def show_user(username):
"""Example page for logged-in-users."""
if "username" not in session:
flash("You must be logged in to view.")
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
return render_template("users/user_show.html", user=user, form=form)
def index(request):
"""
Handle post requests or list recent feedback messages.
"""
# Check if this is a post request with new feedback.
feedback_form = FeedbackForm(request.POST or None)
if feedback_form.is_valid():
return submit(request,
page=feedback_form.cleaned_data['page'],
message=feedback_form.cleaned_data['message'])
# Check if this is a post request to vote on a message.
vote_form = VoteForm(request.POST or None)
if vote_form.is_valid():
return vote(request, vote_form.cleaned_data['vote'])
# Check if this is a post request to delete a message.
delete_form = DeleteForm(request.POST or None)
if delete_form.is_valid():
return delete(request, delete_form.cleaned_data['delete'])
# Otherwise, display recent feedback.
return render_to_response(request, 'feedback/index.html', locals())
def user_info_page(username):
"""Once the user is authenticated he is landed on this page."""
if 'username' not in session:
flash("Please login first!", "danger")
return redirect('/login')
user = User.query.get_or_404(username)
form = DeleteForm()
if user.username == session['username']:
return render_template("userinfo.html", user=user, form=form)
def delete_user():
form = DeleteForm()
try:
email = current_user.email
except AttributeError:
return redirect('/login')
if form.validate_on_submit():
#verify user password
password = form.data['password']
q = db.session.query(User).filter(User.id == current_user.id)
user = q.first()
if user is not None and user.authenticate(password):
logout_user()
#delete the user and all his data
_delete_user(user)
return redirect('/users')
return render_template('delete_user.html', form=form, user_email=email)
def delete_feedback(feedback_id):
"""Delete feedback."""
feedback = Feedback.query.get(feedback_id)
if "user_id" not in session:
flash("You are not authorized", "danger")
return redirect('/')
id = session['user_id']
main_user = User.query.get_or_404(id)
if main_user.username != feedback.username:
flash("You are not authorized", "danger")
return redirect('/')
form = DeleteForm()
if form.validate_on_submit():
db.session.delete(feedback)
db.session.commit()
return redirect(f"/user/{feedback.username}")
def show_user_home(username):
if "username" not in session or username != session['username']:
raise Unauthorized()
drug_name = Drug.query.get(drug_name)
user = User.query.get(username)
form = DeleteForm()
drug_obj = Drug.query.filter_by(drug_name=drug_name)
return render_template('/home.html', user=user, form=form, drug=drug_name)
def all_feedback():
if "username" not in session:
flash("You need to login!", "danger")
return redirect('/login')
all_feedback = Feedback.query.all()
form = DeleteForm()
return render_template('all_feedback.html',
all_feedback=all_feedback,
form=form)
def delete_feedback(feedback_id):
"""Delete a specific piece of feedback and redirect to /users/<username>."""
# There is no logged in user
if 'username' not in session:
flash("Please login first!", "danger")
return redirect('/login')
post = Post.query.get_or_404(feedback_id)
# Logged in user does NOT own the feedback post
if session['username'] != post.username:
flash("You don't have permission to do that!", "danger")
return redirect('/')
# Logged in user owns the feedback post
form = DeleteForm()
if form.validate_on_submit():
db.session.delete(post)
db.session.commit()
flash("Feedback deleted!", "info")
return redirect(f'/users/{post.username}')
def delete_feedback(feedback_id):
"""Delete feedback."""
feedback = Feedback.query.get_or_404(feedback_id)
if "username" not in session:
flash('Not Authorized. Need to Login', "danger")
return redirect('/login')
if feedback.username != session['username']:
flash("Not Authorized To Delete Another User's Feedback", "danger")
current_user = session['username']
return redirect(f'users/{current_user}')
form = DeleteForm()
if form.validate_on_submit():
db.session.delete(feedback)
db.session.commit()
return redirect(f"/users/{feedback.username}")
def show_user_notes(username):
""" Display users notes """
if "username" not in session or username != session["username"]:
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
return render_template("my_notes/show_user_notes.html",
user=user,
form=form)
def delete_task(task_id):
task = mongo.db.tasks.find_one_or_404({'_id': ObjectId(task_id)})
form = DeleteForm(request.form)
if request.method == 'GET':
form = DeleteForm(data=task)
return render_template('delete_task.html',
title='Delete task',
task=task,
form=form)
if form.validate_on_submit():
task = mongo.db.tasks
task.delete_one({
'_id': ObjectId(task_id),
})
return redirect(url_for('all_tasks', title='Task has been deleted'))
return render_template('delete_task.html',
title='Delete task',
task=task,
form=form)
def messages_index(user_id):
# find a user - that's it!
delete_form = DeleteForm()
if request.method == "POST":
form = MessageForm(request.form)
if form.validate():
new_message = Message(request.form['content'], user_id)
db.session.add(new_message)
db.session.commit()
return redirect(url_for('messages_index', user_id=user_id))
return render_template('messages/new.html', user=User.query.get(user_id), form=form)
return render_template('messages/index.html', user=User.query.get(user_id), delete_form=delete_form)
def index():
delete_form = DeleteForm()
if request.method == "POST":
form = UserForm(request.form)
if form.validate():
new_user = User(request.form['first_name'], request.form['last_name'])
db.session.add(new_user)
db.session.commit()
return redirect(url_for('index'))
else:
return render_template('users/new.html', form=form)
return render_template('users/index.html', users=User.query.all(), delete_form=delete_form)
def secret_page(username):
if "user_id" not in session:
flash("Please Login First", "danger")
return redirect('/')
id = session['user_id']
main_user = User.query.get_or_404(id)
user = User.query.filter_by(username=username).first_or_404()
form = DeleteForm()
return render_template('user.html',
user=user,
main_user=main_user,
form=form)
def show_username(username):
if "username" not in session or username != session['username']:
# flash('You need to Login or Signup')
# return redirect ('/')
raise Unauthorized()
user = User.query.get(username)
form = DeleteForm()
cats = Cats.query.all()
adopt = Adopt.query.all()
return render_template('show.html', user=user, form=form, cats=cats, adopt=adopt)
def delete_user():
form = DeleteForm()
choice = form.choice.data
if form.validate_on_submit():
if choice == "student":
item_id = form.id.data
item = Student.query.get(item_id)
item.delete_student()
flash("The user was successfully deleted!")
return redirect(url_for('delete_user'))
else:
item_id = form.id.data
item = Tutor.query.get(item_id)
item.delete_tutor()
flash("The user was successfully deleted!")
return redirect(url_for('delete_user'))
return render_template('delete.html', pages=nav_bar_pages_list, form=form)
def delete_user(user_id, token=None):
user = User.query.get(user_id)
if user:
if user.admin:
if token:
load_token(token=token, salt='remove-auth')
else:
return redirect(
url_for('verification.authorization', user_id=user_id))
form = DeleteForm()
if form.validate_on_submit():
return handle_account_deletion(user=user,
title=form.title.data,
reason=form.reason.data)
return render_template('delete.html',
form=form,
user_id=user_id,
user_name=user.name,
token=request.args.get('token'))
else:
return abort(404)
def show_user_details(username):
"""Show details for logged-in users only."""
if "username" not in session or username != session['username']:
flash("You must be logged in to view!")
raise Unauthorized()
else:
user = User.query.get_or_404(username)
form = DeleteForm()
return render_template("/users/show_user.html", user=user, form=form)
def delete_note(note_id):
"""deletes a note"""
if session.get("username") != note.owner:
return redirect("/login"), 401
if form.validate_on_submit():
note = Note.query.get_or_404(note_id)
form = DeleteForm()
db.session.delete(note)
db.session.commit()
return redirect(f"/users/{session['username']}")
def show_user(username):
"""
Show user page with list of notes by that user
"""
if "username" not in session or username != session["username"]:
flash("Unauthorized")
return redirect('/')
form = DeleteForm()
# form with hidden tag
user = User.query.get(username)
return render_template('user_info.html', user=user, form=form)
def delete_note(note_id):
""" Delete note and redirect to /users/<username>
"""
note = Note.query.get_or_404(note_id)
username = note.user.username
if CURRENT_USER not in session:
flash("You are not authorized to view this page.")
return redirect("/login")
elif username != session[CURRENT_USER]:
flash("You are not authorized to access another user's page.")
logged_in_user = session[CURRENT_USER]
return redirect(f"/users/{logged_in_user}")
form = DeleteForm()
if form.validate_on_submit():
###################### not working #####################
db.session.delete(note)
db.session.commit()
return redirect(f'/users/{username}')
def display_secret(username):
if 'username' not in session or session['username'] != username:
flash('Must be logged in to view')
return redirect('/login')
user = User.query.filter_by(username=username).first()
posts = Feedback.query.filter_by(username=username).all()
form = DeleteForm()
return render_template('user.html', user=user, posts=posts, form=form)
def home():
# Adding all the forms to home page to be able to input data
add_form = AddForm()
delete_form = DeleteForm()
clear_form = ClearForm()
edit_form = EditForm()
contents = view_backpack()
return render_template("home.html",
contents=contents,
add_form=add_form,
delete_form=delete_form,
clear_form=clear_form,
edit_form=edit_form,
id=id)
def homepage():
"""Show homepage: """
if g.user:
user_favorite = [fav for fav in g.user.favorites]
form = DeleteForm()
return render_template('home.html',
favorites=user_favorite,
form=form,
tags=g.tags)
else:
return render_template('home-anon.html')
