def all_posts():
db = get_db()
posts = db.execute(
'SELECT p.id, title, created, author_id, description, file_name, username, species, condition, timept'
' FROM post p JOIN user u ON p.author_id = u.id'
' ORDER BY created DESC').fetchall()
return posts
def update(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
description = request.form['description']
species = request.form['species']
condition = request.form['condition']
timept = request.form['timept']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE post SET title = ?, description = ?, species = ?, condition = ?, timept = ?'
' WHERE id = ?',
(title, description, species, condition, timept, id))
db.commit()
return redirect(url_for('posts.index'))
return render_template('posts/update.html', post=post)
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else: # check if user id is stored in session and get the user's data
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
def get_post(id):
db = get_db()
post = db.execute(
'SELECT p.id, title, created, author_id, description, file_name, username, species, condition, timept'
' FROM post p JOIN user u ON p.author_id = u.id'
' WHERE p.id = ?', (id, )).fetchone()
if post is None:
abort(404, "Post id {0} doesn't exist.".format(id))
# if check_author and post['author_id'] != g.user['id']:
# abort(403)
return post
def create():
if request.method == 'POST':
title = request.form['title']
description = request.form['description']
file = request.files['file']
filename = secure_filename(file.filename)
species = request.form['species']
condition = request.form['condition']
timept = request.form['timept']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
if file: # if there's a file save it
# save info in SQL database
db = get_db()
db.execute(
'INSERT INTO post (title, author_id, description, file_name, species, condition, timept)'
' VALUES (?, ?, ?, ?, ?, ?, ?)',
(title, g.user['id'], description, filename, species,
condition, timept))
db.commit()
postid = str(
db.execute(
'SELECT seq from sqlite_sequence WHERE name = "post"').
fetchone()['seq'])
# save file on Amazon S3
my_bucket = get_bucket()
my_bucket.Object(file.filename).put(Body=file)
flash("File uploaded successfully! Entries added to index!")
# make Whoosh index for file
bucket = "proteomics-db-test"
file_df = format_file(get_df(bucket, filename))
file_dict = make_dict(file_df)
num_proteins = len(file_df)
# not a great way to pass condition like this, because any
# modification to post will not be accepted by Whoosh
create_index(postid, condition, file_dict, create_schema(),
num_proteins)
return redirect(url_for('posts.index'))
return render_template('posts/create.html')
def delete(id):
# remove from SQL database
get_post(id)
db = get_db()
db.execute('DELETE FROM post WHERE id = ?', (id, ))
db.commit()
key = request.form['key']
my_bucket = get_bucket()
my_bucket.Object(key).delete()
# remove file contents from Whoosh index
remove_doc(str(id))
flash('File deleted successfully! Contents removed from index!')
return redirect(url_for('posts.index'))
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'There is no account associated with this username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password.'
if error is None:
session.clear() # session dict stores data info across requests
session['user_id'] = user['id']
return redirect(url_for('search.search'))
flash(error)
return render_template('auth/login.html')
def register():
if request.method == 'POST':
# get registration info
first_name = request.form['first_name']
last_name = request.form['last_name']
email = request.form['email']
username = request.form['username']
password = request.form['password']
affiliation = request.form['affiliation']
db = get_db()
error = None
# validate information
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {} is already registered.'.format(
username) # get first same username, if any
# save
if error is None:
db.execute(
'INSERT INTO user (first_name, last_name, email, username, password, affiliation) '
'VALUES (?, ?, ?, ?, ?, ?)',
(first_name, last_name, email, username,
generate_password_hash(password), affiliation))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template(
'auth/register.html') # register if not already registered