def deaditor(idnote):
if request.method == "POST":
if current_user.is_authenticated:
if has_access_to_note(idnote, current_user['iduser']):
con, conn = connection()
con.execute("SELECT * FROM note_view WHERE idnote = %s",
escape_string(idnote))
note = con.fetchone()
con.execute(
"SELECT creator_id FROM note_view WHERE idnote = %s",
escape_string(idnote))
creator = con.fetchone()
con.close()
conn.close()
if creator['creator_id'] == current_user['iduser']:
try:
with open('pytatki/files/' + note['value'],
'wb') as file:
file.write(request.data)
return jsonify({"data": "Zapisanie powiodło się"})
except Exception as error:
flash(error)
return jsonify({"data": "Nie udało się zapisać"})
else:
return jsonify(
{"data": "Tylko właściciel może zapisywać notatkę"})
else:
return jsonify({"data": "Nie masz dostępu do notatki"})
else:
return jsonify({"data": "Musisz być zalogowany"})
else:
if current_user.is_authenticated:
if has_access_to_note(idnote, current_user['iduser']):
con, conn = connection()
con.execute("SELECT * FROM note_view WHERE idnote = %s",
escape_string(idnote))
note = con.fetchone()
con.execute(
"SELECT creator_id FROM note_view WHERE idnote = %s",
escape_string(idnote))
creator = con.fetchone()
con.close()
conn.close()
is_author = creator['creator_id'] == current_user['iduser']
if note['note_type'] == "deadnote":
with open('pytatki/files/' + note['value'], 'r') as file:
data = json.load(file)
return render_template("deaditor.html",
file=data,
is_author=is_author)
return redirect("/download/" + idnote)
flash("Musisz byc zalogowany", 'warning')
return redirect('/app/')
def add():
"""Add new file"""
if request.method == 'POST':
if note_exists(title=request.form['title'],
notegroup_id=request.form['notegroup_id']):
return jsonify({'data': 'name in use'}), 400
form = request.form
if 'file' not in request.files:
return jsonify({'data': 'No file part'})
request_file = request.files['file']
if request_file.filename == '':
return jsonify({'data': 'Nie wybrano pliku'})
if request_file:
if allowed_file(request_file.filename):
filename = secure_filename(request_file.filename)
else:
return jsonify({'data': "File unsecure"})
if not os.path.exists(
os.path.join(APP.config['UPLOAD_FOLDER'],
form['notegroup_id'], filename)):
if not os.path.exists(
os.path.join(APP.config['UPLOAD_FOLDER'],
form['notegroup_id'])):
os.makedirs(
os.path.join(APP.config['UPLOAD_FOLDER'],
form['notegroup_id']))
request_file.save(
os.path.join(APP.config['UPLOAD_FOLDER'],
form['notegroup_id'], filename))
else:
return jsonify({'data': 'Nieobslugiwane rozszerzenie'}), 501
con, conn = connection()
conn.begin()
added = create_note(conn,
str(os.path.join(form['notegroup_id'],
filename)), form['title'],
CONFIG['identifiers']['note_type_file_id'],
current_user['iduser'], form['notegroup_id'],
CONFIG['identifiers']['status_active_id'])
conn.commit()
con.close()
conn.close()
if not added:
return jsonify({'data': 'failed'}), 500
return jsonify({'data': 'Notatka zostala dodana!'}), 201
else:
con, conn = connection()
con.execute("SELECT * FROM notegroup_view WHERE iduser = %s",
escape_string(str(current_user['iduser'])))
topics = con.fetchall()
con.close()
conn.close()
return render_template('add.html', topics=topics)
def insert_removed_status(insert_active_status):
c, conn = connection()
conn.begin()
create_status(conn, 'removed', 'Record is removed')
conn.commit()
c.close()
conn.close()
def get_user(id_user=None, login=None, email=None):
"""Returns user by given data"""
sql = "SELECT * FROM user WHERE {} = %s"
user_data = ()
if id_user:
sql = sql.format("iduser")
user_data = (escape_string(str(id_user)))
elif login:
sql = sql.format("login")
user_data = (escape_string(login))
elif email:
sql = sql.format("email")
user_data = (escape_string(email))
con, conn = connection()
con.execute(sql, user_data)
user_dict = con.fetchone()
if not user_dict:
return None
con.execute("SELECT * FROM user_membership WHERE user_id = %s AND usergroup_id = %s",
(escape_string(str(user_dict['iduser'])), escape_string(str(Config['identifiers']['admingroup_id']))))
admin = con.fetchone()
user = User(is_admin=bool(admin))
user.update(user_dict)
con.close()
conn.close()
gc.collect()
return user
def post_note(title="xxd",
type_name="text",
value="xd",
id_notegroup=1,
id_user=1):
"""Post a note to database"""
if not has_access_to_notegroup(id_notegroup, id_user):
return "Access denied"
if type_name == "file":
return "File type is not supported via GraphQL"
con, conn = connection()
con.execute(
"SELECT idnote FROM note WHERE title = %s AND notegroup_id = %s",
(escape_string(title), escape_string(str(id_notegroup))))
used_name = con.fetchone()
if used_name:
con.close()
conn.close()
return "Cannot add note: used title"
conn.begin()
con.execute(
"INSERT INTO note (value, title, note_type_id, user_id, notegroup_id) VALUES (%s, %s, %s, %s, %s)",
(escape_string(value), escape_string(title),
escape_string(str(type_id(type_name))), escape_string(
str(id_user)), escape_string(str(id_notegroup))))
note_id = con.lastrowid
con.execute(
"INSERT INTO action (content, user_id, note_id) VALUES (\"Create\", %s, %s)",
(escape_string(str(id_user)), escape_string(str(note_id))))
conn.commit()
con.execute("SELECT * FROM note_view WHERE idnote = %s",
escape_string(str(note_id)))
note = con.fetchone()
return note
def test_create_action(insert_user):
_, conn = connection()
_.execute("SELECT * FROM action WHERE content=\"create note Test\"")
exists = _.fetchone()
conn.close()
if not exists:
raise AssertionError()
def find_notegroup_children(id_notegroup, id_user):
"""Generate dict with recurent children of usergroup"""
if id_notegroup == 0 or not int(id_notegroup) or id_user == 0 or not int(
id_user):
return "ID must be a valid positive integer"
children = []
if has_access_to_notegroup(id_notegroup, id_user):
con, conn = connection()
con.execute(
"SELECT idnotegroup, folder_name FROM notegroup_view WHERE iduser = %s AND parent_id = %s",
(escape_string(str(id_user)), escape_string(str(id_notegroup))))
usergroups = con.fetchall()
con.execute(
"SELECT idnote, value, note_type, creator_login, notegroup_id, notegroup_name, title AS 'name' FROM "
"note_view WHERE notegroup_id = %s AND status_id = 1",
escape_string(str(id_notegroup)))
notes = con.fetchall()
con.close()
conn.close()
if usergroups:
for usergroup in usergroups:
children.append(usergroup)
if notes:
for note in notes:
children.append(note)
return json.dumps(children, ensure_ascii=False)
def insert_active_status(create_db):
_, conn = connection()
conn.begin()
create_status(conn, 'active', 'Record is active')
conn.commit()
_.close()
conn.close()
def take_admin(identifier):
"""take admin"""
if int(identifier) != int(CONFIG['identifiers']['admin_id']):
con, conn = connection()
query = con.execute("SELECT iduser, login FROM user WHERE iduser = %s",
escape_string(identifier))
user = con.fetchone()
if current_user.is_admin and query:
try:
con.execute(
"DELETE FROM user_membership WHERE user_id = %s AND usergroup_id = %s",
(escape_string(identifier),
escape_string(int(
CONFIG['identifiers']['admingroup_id']))))
conn.commit()
flash(
'Odebrano uprawnienia administratora uzytkownikowi ' +
user['login'], 'success')
except Exception as error:
flash("Error: " + str(error), 'danger')
else:
flash("Nie mozesz tego zrobic", 'warning')
con.close()
conn.close()
else:
flash("Nie mozesz tego zrobic", 'warning')
return redirect(
request.args.get('next') if 'next' in request.args else '/')
def test_notegroup_empty(insert_notegroup, insert_usergroup):
_, conn = connection()
notegroup_id = insert_notegroup(conn, 'test_empty', insert_usergroup)
if notegroup_empty(notegroup_id) is not True:
raise AssertionError()
_.close()
conn.close()
def test_remove_note(insert_note):
_, conn = connection()
remove_note(conn, 1, 1)
conn.commit()
if note_exists(idnote=1) is not False:
raise AssertionError()
_.close()
conn.close()
def insert_user(insert_active_status):
_, conn = connection()
conn.begin()
user_id = create_user(conn, 'test', 'test', 'test@test', 1)
conn.commit()
_.close()
conn.close()
return user_id
def executeSQL(query, *args, **kwargs):
con, conn = connection()
con.execute(query, *args, **kwargs)
result = con.fetchone()
con.close()
conn.close()
gc.collect()
return result
def insert_text_note_type(create_db):
_, conn = connection()
conn.begin()
note_type_id = create_note_type(conn, 'text', 'Text')
conn.commit()
_.close()
conn.close()
return note_type_id
def insert_test_notegroup(insert_usergroup, insert_user):
_, conn = connection()
conn.begin()
notegroup_id = create_notegroup(conn, 'test', insert_usergroup)
conn.commit()
_.close()
conn.close()
return notegroup_id
def _insert(*args, **kwargs):
_, conn = connection()
conn.begin()
notegroup_id = create_notegroup(*args, **kwargs)
conn.commit()
_.close()
conn.close()
return notegroup_id
def join_group(group):
group = ts.loads(group, salt=APP.secret_key, max_age=86400)
con, conn = connection()
conn.begin()
add_user_to_usergroup(conn, current_user['iduser'], group)
conn.commit()
con.close()
conn.close()
return redirect('/app/')
def insert_usergroup(insert_user):
_, conn = connection()
conn.begin()
usergroup_id = create_usergroup(conn, 'test', 'test')
add_user_to_usergroup(conn, insert_user, usergroup_id)
conn.commit()
_.close()
conn.close()
return usergroup_id
def api_create_usergroup(name, description, iduser):
con, conn = connection()
conn.begin()
idusergroup = create_usergroup(conn, name, description)
add_user_to_usergroup(conn, iduser, idusergroup)
create_notegroup(conn, "root{}".format(name), idusergroup)
conn.commit()
con.close()
conn.close()
return json.dumps({'data': idusergroup})
def insert_note(insert_user, insert_text_note_type, insert_test_notegroup):
"""Insert new note"""
con, conn = connection()
conn.begin()
note_id = create_note(
conn, 'test', 'Test', insert_text_note_type, insert_user, insert_test_notegroup, 1)
conn.commit()
con.close()
conn.close()
return note_id
def api_create_notegroup(name, idusergroup, parent_id, id_user):
con, conn = connection()
conn.begin()
idnotegroup = create_notegroup(conn,
name,
idusergroup,
parent_id=parent_id)
conn.commit()
con.close()
conn.close()
return json.dumps({'data': idnotegroup})
def update_password():
if current_user.check_password(request.form['password']):
con, conn = connection()
password = sha256_crypt.encrypt((str(request.form['new-password'])))
con.execute("UPDATE user SET password = %s WHERE iduser = %s",
(escape_string(password),
escape_string(str(current_user['iduser']))))
conn.commit()
con.close()
conn.close()
return redirect(
request.args.get('next') if 'next' in request.args else '/')
def delete_notegroup(identifier):
if has_access_to_notegroup(identifier, current_user['iduser']):
if notegroup_empty(identifier):
con, conn = connection()
conn.begin()
remove_notegroup(conn, identifier)
conn.commit()
con.close()
conn.close()
return jsonify({'data': 'success'})
return jsonify({'data': 'notegroup not empty'})
return jsonify({"data": 'access denied'}), 403
def db_init(host=None, user=None, password=None):
"""Create database from sql/create-database"""
host = input("DB host: [127.0.0.1]") if not host else host
host = '127.0.0.1' if host == '' else host
user = input("DB user: [root] ") if not user else user
user = '******' if user == '' else user
password = input("DB root password: "******"Connecting...")
conn = connect(host=host, user=user, password=password)
print("Connection OK")
print("Setting up database...")
create_database = parse_sql('sql/create-database.sql')
conn.begin()
for query in create_database:
conn.cursor().execute(query)
conn.commit()
conn.close()
con, conn = connection(host='127.0.0.1',
user='******',
password='******',
db='pytatki')
conn.begin()
admin_group_id = create_usergroup(conn, 'admins', 'Group of admins')
active_id = create_status(conn, 'active', 'Record is active')
removed_id = create_status(conn, 'removed', 'Record is removed')
file_id = create_note_type(
conn, "file",
"A file in format of txt, pdf, png, jpg, jpeg, gif, doc, docx, ppt, pptx, xslx, xsl, odt, rtf, cpp"
)
text_id = create_note_type(conn, "text", "Just plain non-formated text")
url_id = create_note_type(conn, "url", "An URL link to another resource")
deadnote_id = create_note_type(conn, "deadnote", "Note made with Pytatki")
username = input("Insert your admin login: [admin]")
username = '******' if username == '' else username
email = input("Insert your admin email: ")
password = input("Insert your admin password: "******"INSERT INTO user_membership (user_id, usergroup_id) VALUES (%s, %s)",
(escape_string(str(admin_id)), escape_string(str(admin_group_id))))
conn.commit()
con.close()
conn.close()
save_to_config({
'admingroup_id': admin_group_id,
'admin_id': admin_id,
'active_id': active_id,
'removed_id': removed_id,
'file_id': file_id,
'text_id': text_id,
'url_id': url_id,
'deadnote_id': deadnote_id
})
def get_token_get():
next_url = request.args.get('next')
state = request.args.get('state')
con, conn = connection()
# con.execute("SELECT * FROM app_view WHERE client_id = %s",
# escape_string(request.args.get('client_id')))
app = {'idapp': 1, 'name': 'GraphQL', 'access': 'rw'}
con.close()
conn.close()
return render_template("dialog/auth.html",
app=app,
next_url=next_url,
state=state)
def register_post():
"""Function for registration a new user"""
# try:
if not current_user.is_authenticated:
form = request.form
con, conn = connection()
if 'password' in form and form['password'] == form['confirm'] and len(
form['password']) >= 8 and valid_password(form['password']):
wrong_password = False
else:
wrong_password = True
accept = form['accept_tos'] if 'accept_tos' in form else None
con.execute(
"SELECT * FROM user WHERE login = (%s) OR email = %s",
(escape_string(form['username']), escape_string(form['email'])))
used_username = con.fetchone()
if accept != 'checked' or used_username or '@' not in form['email'] \
or wrong_password or valid_username(form['username']):
return render_template(
'register.html',
form=form,
not_accept=bool(accept != 'checked'),
used_username=used_username,
wrong_email=bool('@' not in form['email']),
wrong_password=wrong_password,
wrong_username=bool(' ' in form['username']),
upper=bool(not form['username'] == form['username'].lower()),
)
con.execute("SELECT idstatus FROM status WHERE name = \"active\"")
active = con.fetchone()
con.execute(
"INSERT INTO user (login, password, email, status_id) VALUES "
"(%s, %s, %s, %s)",
(escape_string(form['username']),
sha256_crypt.encrypt(escape_string(
form['password'])), escape_string(
form['email']), escape_string(str(active['idstatus']))))
conn.commit()
flash("Zarejestrowano pomyslnie!", 'success')
con.close()
conn.close()
gc.collect()
send_confirmation_email(form['email'])
return redirect(
url_for('login_get',
next=request.args.get('next'),
username=form['username']))
else:
flash("Jestes juz zalogowany!", 'warning')
return redirect(
request.args.get('next') if 'next' in request.args else '/')
def confirm_email(token):
try:
email = ts.loads(token, salt=APP.secret_key, max_age=86400)
con, conn = connection()
con.execute("UPDATE user SET email_confirm = 1 WHERE email = (%s)",
escape_string(email))
conn.commit()
flash("Adres email zweryfikowany!", 'success')
con.close()
conn.close()
gc.collect()
except Exception as error:
flash("Blad" + str(error), 'danger')
return redirect('/')
def test_remove_notegroup(insert_notegroup, insert_usergroup):
_, conn = connection()
conn.begin()
notegroup_id = insert_notegroup(conn, 'test_remove', insert_usergroup)
remove_notegroup(conn, notegroup_id)
conn.commit()
_.execute("SELECT * FROM notegroup WHERE idnotegroup = %s",
pymysql.escape_string(str(notegroup_id)))
notegroup = _.fetchone()
if notegroup:
print(notegroup)
raise AssertionError()
_.close()
conn.close()
def test_create_note(insert_user):
con, conn = connection()
note = create_note(conn, "test", "Test", 1, 1, 1, 1)
conn.commit()
if note:
print(note)
raise AssertionError()
note = create_note(conn, "test_create_note", "TestCN", 1, 1, 1, 1)
conn.commit()
if note is None:
print(note)
raise AssertionError()
con.close()
conn.close()
def user_list():
"""wyswietla liste uzytkownikow"""
if current_user.is_admin:
con, conn = connection()
con.execute("SELECT * FROM user")
users_raw = con.fetchall()
con.close()
conn.close()
users = []
for user_dict in users_raw:
user = get_user(id_user=user_dict['iduser'])
users.append(user)
return render_template('user_list.html', users=users)
flash('Nie mozesz tego zrobic!', 'warning')
return redirect('/')
