コード例 #1
ファイル: app.py プロジェクト: DaveLin4026/AppSec2
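def login_history():
    """Render the login-history page; admins may look up any user's activity.

    Every caller that is not an admin is rejected with 403 before the
    request method is inspected. GET renders the empty search page. POST
    validates the search form, resolves the submitted username and renders
    that user's ``UserActivity`` rows; an unknown username yields 404 and
    an invalid form re-renders the page with no rows.
    """
    user_search_form = UserSearchForm()

    # Authorisation gate runs first so neither branch is reachable by
    # non-admin accounts.
    if not current_user.role == Roles.admin:
        abort(403)

    if flask.request.method == "GET":
        return render_template(
            "login_history.html",
            searched_user=current_user,
            user=current_user,
            form=user_search_form,
        )

    if flask.request.method == "POST":
        # Defaults cover the failed-validation path; previously
        # searched_user_history was unbound there and the view crashed.
        searched_user = current_user
        searched_user_history = []

        if user_search_form.validate_on_submit():
            found_user = User.query.filter_by(
                username=user_search_form.username.data).first()
            # .first() returns None for an unknown username; answer 404
            # instead of failing on None.id with a 500.
            if found_user is None:
                abort(404)
            searched_user = found_user
            searched_user_history = UserActivity.query.filter_by(
                user_id=found_user.id).all()

        return render_template(
            "login_history.html",
            # Pass the account that was actually looked up; the original
            # always passed current_user here, so the page was labelled
            # with the admin while listing another user's rows.
            searched_user=searched_user,
            user=current_user,
            queries=searched_user_history,
            form=user_search_form,
        )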
コード例 #2
ファイル: picMe.py プロジェクト: kp1732/picMe
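def discover():
    """Render the discover page and, on a valid search, the matching users.

    On a valid ``UserSearchForm`` submission the view runs three queries
    (users matching the search text, the follow status of accounts the
    session user follows, and the profile rows of those accounts) and
    renders them. When the search matches nobody it flashes a notice and
    falls through to the plain page.
    """
    # create user search form
    form = UserSearchForm()

    # create user follow form (also used by the plain page below)
    formFollow = UserFollowForm()

    # if valid input
    if form.validate_on_submit():

        # get data from user search form
        searchUser = form.searchQuery.data

        # NOTE(review): SQL injection risk. The three statements below are
        # assembled with str.format(), so the submitted search text and the
        # session username become part of the SQL text instead of being
        # bound as parameters. WTForms validation does not make the value
        # safe to interpolate. The fix is to pass the values as bound
        # parameters through queryFetchAll; its signature is not visible
        # here, so the statements are left unchanged. LIKE wildcards
        # ('%', '_') in the search text would also need escaping.
        users_query = 'SELECT username,firstName,lastName,bio,profilePicPath FROM Person WHERE username LIKE "%{}%";'.format(
            searchUser)
        requests_query = 'SELECT Person.username,Follow.followstatus FROM Person JOIN Follow ON Person.username = Follow.username_followed WHERE Follow.username_follower = "{}";'.format(
            session["username"])
        users_x_requests = 'SELECT Person.username,Person.firstName,Person.lastName,Person.bio FROM Person WHERE Person.username in (SELECT Person.username from Person join Follow on Person.username = Follow.username_followed WHERE Follow.username_follower = "{}");'.format(
            session["username"])

        # fetch
        users_data = queryFetchAll(users_query)
        requests_data = queryFetchAll(requests_query)
        uxr_data = queryFetchAll(users_x_requests)

        # create dictionary with username:profile pic from users_data
        users_pics = makeUsersPicsDict(users_data)

        # remove profile pic path column from query result (for comparison
        # with rows from the other queries). The result is not used below;
        # the call is kept in case removePicCol has side effects - TODO confirm.
        users_data_no_profilePicPath = removePicCol(users_data)

        # create dictionary with username:follow status from requests_data
        users_status = makeUsersStatus(requests_data)

        # check for data: test the fetched rows, not the SQL string. The
        # original tested users_query, which is always a non-empty string,
        # so the "No users found." branch could never run.
        if users_data:
            return render_template('discover.html',
                                   title='discover',
                                   form=form,
                                   formFollow=formFollow,
                                   requests=getRequests(session["username"]),
                                   users=users_data,
                                   userPics=users_pics,
                                   usersStatus=users_status,
                                   uxr=uxr_data)

        # no user found
        flash("No users found.", 'info')

    return render_template('discover.html',
                           title='discover',
                           form=form,
                           requests=getRequests(session["username"]),
                           formFollow=formFollow)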
コード例 #3
ファイル: app.py プロジェクト: ssdamouni/rocket-bear
def search_users():
    """Search users by first name, last name or e-mail and render the matches.

    The form's ``user_attributes`` value selects one of three fixed
    ``User`` columns; any other value, or a form that fails validation,
    renders the search form again.
    """
    form = UserSearchForm()
    if not form.validate_on_submit():
        return render_template("users/user-search-list.html", form=form)

    selected = form.user_attributes.data
    pattern = form.search_info.data

    # Fixed allowlist: the submitted field name only picks between these
    # columns and is never used to build an attribute or column name.
    searchable = (
        ("first_name", User.first_name),
        ("last_name", User.last_name),
        ("email", User.email),
    )
    for field_name, column in searchable:
        if selected == field_name:
            # ilike() sends the value as a bound parameter, but '%' and '_'
            # inside it still act as LIKE wildcards.
            # NOTE(review): confirm broad wildcard matches are intended.
            matches = User.query.filter(column.ilike(pattern)).all()
            return render_template("users/search-results.html", users=matches)

    return render_template("users/user-search-list.html", form=form)
コード例 #4
ファイル: app.py プロジェクト: DaveLin4026/AppSec2
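def query_history(qid=None):
    """Render spell-check history for the caller, or for a searched user.

    GET lists the current user's ``SpellCheck`` rows and, when ``qid`` is
    given, loads that single row after an ownership check. POST is
    admin-only: it resolves the submitted username and lists that user's
    rows.

    Args:
        qid: Optional id of one ``SpellCheck`` row to show in detail.
    """
    user_search_form = UserSearchForm()

    if flask.request.method == "GET":
        spell_checker_queries = SpellCheck.query.filter_by(
            user_id=current_user.id).all()
        count = len(spell_checker_queries)

        if qid is not None:
            query = SpellCheck.query.filter_by(id=qid).first()
            # .first() returns None for an unknown id; answer 404 instead
            # of failing on None.can_be_accessed_by with a 500.
            if query is None:
                abort(404)
            # Object-level authorisation: the row is looked up by id alone,
            # so this check is what stops one user reading another's query.
            # NOTE(review): the 404/403 split tells a caller which ids
            # exist; confirm that is acceptable.
            if not query.can_be_accessed_by(current_user):
                abort(403)
        else:
            query = None

        return render_template(
            "spell_checker_history.html",
            queries=spell_checker_queries,
            count=count,
            qid=qid,
            searched_user=current_user,
            user=current_user,
            query=query,
            form=user_search_form,
        )

    if flask.request.method == "POST":
        # Searching other users' history is restricted to admins.
        if not current_user.role == Roles.admin:
            abort(403)

        # An invalid form previously fell off the end of the view and
        # returned None, which Flask turns into a 500.
        if not user_search_form.validate_on_submit():
            abort(400)

        searched_user = User.query.filter_by(
            username=user_search_form.username.data).first()
        # Unknown username: answer 404 instead of failing on None.id.
        if searched_user is None:
            abort(404)

        searched_user_history = SpellCheck.query.filter_by(
            user_id=searched_user.id)

        return render_template(
            "spell_checker_history.html",
            queries=searched_user_history,
            count=len(searched_user_history.all()),
            searched_user=searched_user,
            qid=qid,
            user=current_user,
            query=searched_user_history,
            form=user_search_form,
        )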