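def shoppinglist_update(shoppinglist_id):
    """Add a product to a shopping list, or raise its amount if it is already listed.

    Reads ``product_id`` and ``amount`` from the submitted ``ListForm``.
    An unknown shopping list or product, or one owned by another account,
    is answered with ``login_manager.unauthorized()``; validation errors
    are flashed and the user is sent back to the list view.
    """
    shoppinglist = Shoppinglist.query.get(shoppinglist_id)
    # A missing list is handled like a foreign one, so the response does not
    # reveal whether the id exists.
    if not shoppinglist or shoppinglist.account_id != current_user.id:
        return login_manager.unauthorized()

    def _back_to_list():
        return redirect(url_for("shoppinglist_show", shoppinglist_id=shoppinglist_id))

    form = ListForm(request.form)
    if not form.validate():
        for error in form.amount.errors:
            flash(error)
        return _back_to_list()

    # product_id is client-supplied: it must resolve to a product that belongs
    # to the current user before it is attached to the list.  The original
    # code skipped this and would also crash on an unknown id.
    product = Product.query.get(form.product_id.data)
    if not product or product.account_id != current_user.id:
        return login_manager.unauthorized()

    on_list = db.session.query(Shoppinglistproduct).filter(
        and_(Shoppinglistproduct.shoppinglist_id == shoppinglist.id,
             Shoppinglistproduct.product_id == product.id)).first()
    if on_list:
        # Already listed: only the amount changes.
        Shoppinglistproduct.update_product_total(form.amount.data, shoppinglist_id, product.id)
        return _back_to_list()

    entry = Shoppinglistproduct(form.amount.data)
    entry.product_id = product.id
    entry.shoppinglist_id = shoppinglist.id
    entry.total_product = form.amount.data
    db.session.add(entry)
    db.session.commit()
    return _back_to_list()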
def product_update(product_id, product_name, product_price):
    """Apply a submitted ``UpdateForm`` to the product ``product_id``.

    ``product_name`` and ``product_price`` are only passed through to the
    template so the edit page can be re-rendered on failure.  An unknown
    product, or one owned by another account, gets
    ``login_manager.unauthorized()``.
    """
    existing = Product.query.get(product_id)
    if not existing or existing.account_id != current_user.id:
        return login_manager.unauthorized()

    form = UpdateForm(request.form)
    template_context = dict(form=form, product_id=product_id,
                            product_name=product_name, product_price=product_price)
    if not form.validate():
        return render_template("product/updateProduct.html", **template_context)

    # A rename must not collide with another product of the same account.
    duplicate = Product.query.filter(
        and_(Product.name == form.name.data,
             Product.account_id == current_user.id,
             Product.id != product_id)).first()
    if duplicate:
        return render_template("product/updateProduct.html",
                               error="Product exists already", **template_context)

    existing.name = form.name.data
    existing.price = form.price.data
    db.session().commit()
    return redirect(url_for("product_index"))
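def henkilotiedot_vaihda_salasana():
    """Change the password of the current user or of one of their wards.

    All parameters arrive in form fields: ``salasana`` is the new password
    and ``henkiloid`` the person whose password changes.  Only the user's
    own id, or an id accepted by ``kayttaja_autorisointi``, is allowed.
    """
    if not current_user or not current_user.is_authenticated():
        return login_manager.unauthorized()

    # A missing field used to raise TypeError in len(); treat it as too short.
    salasana = request.form.get("salasana") or ""
    if len(salasana) < 6:
        # Rejected silently: the client-side script already blocks this in the app.
        return redirect(url_for("henkilotiedot_index"))

    henkiloid_raw = request.form.get("henkiloid") or ""
    if not henkiloid_raw.isdigit():
        # Missing or non-numeric id: nothing to authorise against.
        return login_manager.unauthorized()
    henkiloid = int(henkiloid_raw)

    if henkiloid == current_user.id:
        # One may always change one's own password.
        henkilo = Henkilo.query.get(current_user.id)
    else:
        # Changing a ward's password: verify the ward belongs to this user.
        henkilo = kayttaja_autorisointi(henkiloid)
    if not henkilo:
        return login_manager.unauthorized()

    henkilo.asetaSalasana(salasana)
    flash("Henkilön {} {} salasana vaihdettu".format(henkilo.etunimi, henkilo.sukunimi), "success")
    db.session.commit()
    return redirect(url_for("henkilotiedot_index"))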
def shoppinglist_show(shoppinglist_id):
    """Render one page of the contents of shopping list ``shoppinglist_id``.

    Page and page size come from the request via ``get_page_args``.  Lists
    that do not exist or belong to another account get
    ``login_manager.unauthorized()``.
    """
    shoppinglist = Shoppinglist.query.get(shoppinglist_id)
    if not shoppinglist or shoppinglist.account_id != current_user.id:
        return login_manager.unauthorized()

    page, per_page, offset = get_page_args(page_parameter='page',
                                           per_page_parameter='per_page')
    # Renamed from ``list`` so the builtin is not shadowed.
    contents = Shoppinglist.shoppinglist_show_contents(shoppinglist_id)
    page_items = contents[offset:offset + per_page]
    pagination = Pagination(page=page, per_page=per_page, total=len(contents),
                            css_framework='bootstrap4')
    return render_template("shoppinglist/showShoppinglist.html",
                           contents=page_items,
                           page=page,
                           per_page=per_page,
                           pagination=pagination,
                           form=ListForm(),
                           slist_id=shoppinglist_id)
def auth_delete(user_id):
    """Delete user ``user_id`` together with every row that references it.

    Only the user themselves may do this; an unknown id or another user's
    id gets ``login_manager.unauthorized()``.
    """
    user = User.query.get(user_id)
    if not user or user.id != current_user.id:
        return login_manager.unauthorized()

    session = db.session()
    # Shopping-list entries reference products, so they go before the products.
    for product in session.query(Product).filter_by(account_id=user_id):
        entries = session.query(Shoppinglistproduct).filter_by(product_id=product.id).all()
        for entry in entries:
            session.delete(entry)
        session.delete(product)
    # Then the user's categories and shopping lists.
    for category in session.query(Category).filter_by(account_id=user_id):
        session.delete(category)
    for shoppinglist in session.query(Shoppinglist).filter_by(account_id=user_id):
        session.delete(shoppinglist)
    # Finally the user row itself.
    session.delete(user)
    session.commit()
    flash('Your account and all your data has been deleted!')
    return redirect(url_for("index"))
def category_update(category_id, category_category):
    """Apply a submitted ``CategoryForm`` to category ``category_id``.

    ``category_category`` is the current name, passed through to the
    template for re-rendering.  Unknown or foreign categories get
    ``login_manager.unauthorized()``.
    """
    existing = Category.query.get(category_id)
    if not existing or existing.account_id != current_user.id:
        return login_manager.unauthorized()

    form = CategoryForm(request.form)
    template_context = dict(form=form, category_id=category_id,
                            category_category=category_category)
    if not form.validate():
        return render_template("category/updateCategory.html", **template_context)

    new_name = form.category.data
    # Same name on another category (or on the shared account 0) is a clash.
    clash = Category.query.filter(
        and_(Category.category == new_name,
             or_(Category.id != category_id, Category.account_id == 0))).first()
    if clash:
        return render_template("category/updateCategory.html",
                               error="Category exists already.", **template_context)

    existing.category = new_name
    db.session().commit()
    return redirect(url_for("category_index"))
def decorated_view(*args, **kwargs):
    """Call ``fn`` only when the current user holds at least one of ``roles``.

    ``fn`` and ``roles`` come from the enclosing decorator.  Anonymous users
    and users without a matching role get ``login_manager.unauthorized()``.
    """
    if not current_user.is_authenticated:
        return login_manager.unauthorized()
    # any() stops at the first role the user has, like the original loop.
    if any(current_user.has_role(role) for role in roles):
        return fn(*args, **kwargs)
    return login_manager.unauthorized()
def auth_are_you_sure(user_id):
    """Show the account-deletion confirmation page for the user's own account."""
    user = User.query.get(user_id)
    if not user or user.id != current_user.id:
        return login_manager.unauthorized()
    return render_template("auth/areYouSure.html", user_id=user_id)
def decorator(*args, **kwargs):
    """Call ``f`` only when the current user has every role in ``role_names``.

    ``f`` and ``role_names`` come from the enclosing scope.
    """
    if not current_user or not current_user.is_authenticated:
        return login_manager.unauthorized()
    held = current_user.roles
    missing = [role for role in role_names if role not in held]
    if missing:
        return login_manager.unauthorized()
    return f(*args, **kwargs)
def category_update_form(category_id, category_category):
    """Render the edit form for category ``category_id`` (owner only)."""
    category = Category.query.get(category_id)
    if not category or category.account_id != current_user.id:
        return login_manager.unauthorized()
    return render_template("category/updateCategory.html",
                           form=CategoryForm(),
                           category_id=category_id,
                           category_category=category_category)
def update_product_form(product_id, product_name, product_price):
    """Render the edit form for product ``product_id`` (owner only)."""
    product = Product.query.get(product_id)
    if not product or product.account_id != current_user.id:
        return login_manager.unauthorized()
    return render_template("product/updateProduct.html",
                           form=UpdateForm(),
                           product_id=product_id,
                           product_name=product_name,
                           product_price=product_price)
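def shoppinglist_remove(product_id, shoppinglist_id):
    """Remove product ``product_id`` from shopping list ``shoppinglist_id``.

    Removing a product that is not on the list is a no-op (the original
    passed ``None`` to ``session.delete`` and raised).  Unknown or foreign
    lists get ``login_manager.unauthorized()``.
    """
    shoppinglist = Shoppinglist.query.get(shoppinglist_id)
    if not shoppinglist or shoppinglist.account_id != current_user.id:
        return login_manager.unauthorized()

    entry = db.session.query(Shoppinglistproduct).filter(
        and_(Shoppinglistproduct.product_id == product_id,
             Shoppinglistproduct.shoppinglist_id == shoppinglist_id)).first()
    if entry is not None:
        db.session().delete(entry)
        db.session().commit()
    return redirect(url_for("shoppinglist_show", shoppinglist_id=shoppinglist_id))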
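def edit_message(thread_id, message_id):
    """Edit message ``message_id``: GET shows the form, POST saves new content.

    Allowed for the message's author and for users with role ``"ADMIN"``.
    An unknown message is answered with ``login_manager.unauthorized()``
    rather than raising on attribute access.
    """
    message = Message.query.get(message_id)
    if message is None:
        return login_manager.unauthorized()
    if message.account_id != current_user.id and current_user.role != "ADMIN":
        return login_manager.unauthorized()

    if request.method == "GET":
        form = MessageForm()
        form.content.data = message.content
        return render_template("messages/edit.html", form=form,
                               thread_id=thread_id, message_id=message_id)

    form = MessageForm(request.form)
    if not form.validate():
        return render_template("messages/edit.html", form=form,
                               thread_id=thread_id, message_id=message_id)
    message.content = form.content.data
    db.session().commit()
    return redirect(url_for("get_messages_from_thread_id", thread_id=thread_id))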
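def edit_thread(thread_id):
    """Edit thread ``thread_id``: GET shows the form, POST saves title and categories.

    Allowed for the thread's owner and for users with role ``"ADMIN"``.
    An unknown thread gets ``login_manager.unauthorized()`` instead of an
    AttributeError.
    """
    thread = Thread.query.get(thread_id)
    if thread is None:
        return login_manager.unauthorized()
    if thread.account_id != current_user.id and current_user.role != "ADMIN":
        return login_manager.unauthorized()

    # The select field needs its choices set on every request, GET and POST.
    choices = [(c.id, c.name) for c in Category.query.all()]

    if request.method == "GET":
        form = EditThreadForm()
        form.title.data = thread.title
        form.categories.choices = choices
        return render_template("threads/edit.html", form=form, thread_id=thread_id)

    form = EditThreadForm(request.form)
    form.categories.choices = choices
    if not form.validate():
        return render_template("threads/edit.html", form=form, thread_id=thread_id)

    thread.title = form.title.data
    thread.categories.clear()
    for c_id in form.categories.data:
        category = Category.query.get(c_id)
        # validate() should restrict c_id to ``choices``; the guard covers a
        # category deleted between building the choices and saving.
        if category is not None:
            thread.categories.append(category)
    db.session().commit()
    return redirect(url_for("threads_index"))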
def report_change_description(report_id, naturesite_id):
    """Save a new description for report ``report_id`` on site ``naturesite_id``.

    Missing report or site render ``error.html``; a report owned by another
    account gets ``login_manager.unauthorized()``.
    """
    report = Report.query.get(report_id)
    if not report:
        return render_template("error.html", message="ERROR! Report not found")
    site = NatureSite.query.get(naturesite_id)
    if not site:
        return render_template("error.html", message="ERROR! Nature site not found")
    if report.account_id != current_user.id:
        return login_manager.unauthorized()

    form = ReportEditForm(request.form)
    if not form.validate():
        return render_template("report/edit.html", form=form,
                               naturesite_id=naturesite_id, report=report)
    report.description = form.description.data
    db.session().commit()
    return redirect(url_for("naturesite_show", naturesite_id=naturesite_id))
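def auth_edit_profile(user_id):
    """Edit name, username and e-mail of user ``user_id``.

    ``user_id`` arrives as a string; non-numeric values are redirected away.
    Only the user themselves or a superuser may edit.  GET renders the form
    prefilled from the database, POST validates and saves.
    """
    if not user_id.isdigit():
        # NOTE(review): relative target; other redirects in this file use
        # url_for("index") — confirm this is intended.
        return redirect("index")
    if int(user_id) != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    user = User.query.get(user_id)
    if user is None:
        # Numeric but unknown id: the original raised on attribute access.
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserForm(obj=user)
        return render_template("auth/edit_profile.html", form=form)

    form = EditUserForm(request.form)
    # Comparing the hidden form id with the URL id is enough here, because
    # the credential check above already covers user_id.  ``or ""`` keeps a
    # missing field from raising on .isdigit().
    submitted_id = form.id.data or ""
    if (not submitted_id.isdigit()
            or int(submitted_id) != int(user_id)
            or not form.validate()):
        return render_template("auth/edit_profile.html", form=form)

    user.name = form.name.data
    user.username = form.username.data
    user.email = form.email.data
    db.session.commit()
    return redirect(url_for("user_view", user_id=user_id))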
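def henkilotiedot_luo_huollettava():
    """Self-service creation of a new ward: persist the submitted form.

    Requires an authenticated adult (``current_user.aikuinen()``).  A
    duplicate e-mail surfaces as ``IntegrityError`` on commit; the session
    is rolled back before the form is shown again so that later requests
    on the same session do not fail.
    """
    if (not current_user or not current_user.is_authenticated()
            or not current_user.aikuinen()):
        return login_manager.unauthorized()

    form = HenkiloTiedotForm(request.form)
    if not form.validate():
        flash("Ole hyvä ja tarkista syöttämäsi tiedot", "danger")
        return render_template("henkilotiedot/uusihuollettava.html", form=form)

    lapsi = Henkilo()
    form.tallenna(lapsi)
    lapsi.jasenyysalkoi = datetime.today()
    lapsi.huoltajat.append(current_user)
    db.session.add(lapsi)
    try:
        db.session.commit()
    except IntegrityError:
        # Without the rollback the session stays in a failed state.
        db.session.rollback()
        flash("Sähköpostiosoite on jo käytössä", "danger")
        form.email.errors.append("Sähköpostiosoite on jo käytössä")
        return render_template("henkilotiedot/uusihuollettava.html", form=form)
    return redirect(url_for("henkilotiedot_index"))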
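def mod_senseis(id):
    """Rename a sensei and/or change their logon from the submitted ``SenseiForm``.

    Allowed for the sensei themselves and for the ``'genki'`` account.
    Empty name or logon fields leave the corresponding value untouched; the
    change is mirrored onto the ``User`` row with the old logon when one
    exists.  An unknown id is answered with ``login_manager.unauthorized()``
    instead of raising.
    """
    s = Senseis.query.get(id)
    if s is None or not (current_user.id == s.id or current_user.username == 'genki'):
        return login_manager.unauthorized()

    form = SenseiForm(request.form)
    name = form.name.data
    logon = form.logon.data.lower().strip()
    trimmed_name = name.strip()
    prior_sensei = Senseis.query.filter_by(logon=logon).first()
    same = (s == prior_sensei)

    def _edit_error(message):
        return render_template("senseis/edit.html", senseis=s, error=message)

    # The checks keep their original order: the first failing one wins.
    if logon == 'genki':
        return _edit_error("Sorry, 'Genki' reserved for other purposes")
    elif not form.validate() and len(trimmed_name) > 0 and len(logon) > 0:
        return _edit_error("Name and Logon should be between 3 and 15 char")
    elif 0 < len(trimmed_name) < 3:
        return _edit_error("Name should be between 3 and 15 char without blanks")
    elif 0 < len(logon) < 3:
        return _edit_error("Logon should be between 3 and 15 char without blanks")
    elif prior_sensei and not same:
        return _edit_error("Logon already taken")

    user = User.query.filter_by(username=s.logon).first()
    if trimmed_name:
        s.name = name
        if user is not None:
            user.name = name
    if logon:
        s.logon = logon
        if user is not None:
            user.username = logon
    db.session().commit()
    flash("Sensei {} was modified".format(s.name))
    return redirect(url_for("senseis_index"))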
def ryhmat_luo_kokoussarja(ryhma_id: int):
    """Store a series of recurring meetings for group ``ryhma_id``.

    Every day from ``alkaa`` up to (excluding) ``paattyy`` whose weekday
    equals ``viikonpaiva`` gets a ``Kokous`` with the submitted times,
    location and description.  Requires ``ryhma_autorisaatio``.
    """
    if not ryhma_autorisaatio(ryhma_id):
        return login_manager.unauthorized()

    form = KokousSarjaForm(request.form)
    ryhma = Ryhma.query.get(ryhma_id)
    if not form.validate():
        return render_template("ryhmat/uusisarja.html", ryhma=ryhma, form=form)

    wanted_weekday = int(form.viikonpaiva.data)
    last_day = form.paattyy.data
    created = 0
    day = form.alkaa.data
    while day < last_day:
        if day.weekday() == wanted_weekday:
            kokous = Kokous(ryhma.id)
            kokous.alkaa = datetime.combine(day, form.alkaaklo.data)
            kokous.paattyy = datetime.combine(day, form.paattyyklo.data)
            kokous.sijainti = form.sijainti.data
            kokous.kuvaus = form.kuvaus.data
            db.session.add(kokous)
            created += 1
        day += timedelta(days=1)

    db.session.commit()
    flash("Lisätty {} kokousta".format(created), "success")
    return redirect(url_for("ryhmat_kokoukset", ryhma_id=ryhma_id))
def ryhmat_kokoukset_uusi(ryhma_id: int):
    """Render the form for adding a single meeting to group ``ryhma_id``."""
    if not ryhma_autorisaatio(ryhma_id):
        return login_manager.unauthorized()
    return render_template("ryhmat/uusikokous.html",
                           ryhma=Ryhma.query.get(ryhma_id),
                           form=KokousTiedotForm())
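def auth_change_password(user_id):
    """Change the password of user ``user_id`` after checking the old one.

    ``user_id`` arrives as a string; non-numeric values are redirected away.
    Only the user themselves or a superuser may do this.  GET renders the
    form, POST verifies the hidden id, validates, checks the old password
    via ``User.check_password`` and stores the new one via
    ``User.set_password``.
    """
    if not user_id.isdigit():
        return redirect("index")
    if int(user_id) != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserPasswordForm()
        form.id.data = user_id
        return render_template("auth/edit_password.html", form=form)

    form = EditUserPasswordForm(request.form)
    # ``or ""`` keeps a missing hidden field from raising on .isdigit().
    submitted_id = form.id.data or ""
    if (not submitted_id.isdigit()
            or int(submitted_id) != int(user_id)
            or not form.validate()):
        return render_template("auth/edit_password.html", form=form)

    user = User.query.get(user_id)
    if user is None:
        # Numeric but unknown id: the original raised on attribute access.
        return login_manager.unauthorized()
    if not user.check_password(form.old_password.data):
        form.old_password.errors.append("Invalid password")
        return render_template("auth/edit_password.html", form=form)

    user.set_password(form.new_password.data)
    db.session.commit()
    return render_template("users/user.html", user=user)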
def accounts_update(account_id):
    """Save the submitted ``AccountProfileForm`` onto account ``account_id``.

    Requires ``__is_owner``.  A blank password field leaves the stored
    password untouched; otherwise it is replaced by ``sha256_crypt``.
    """
    if not __is_owner(account_id):
        return login_manager.unauthorized()

    form = AccountProfileForm(request.form)
    account = Account.query.get(account_id)
    if not form.validate():
        return render_template("accounts/account_profile.html",
                               form=form, account=account)
    if not account:
        return redirect(url_for("index"))

    new_password = form.password.data
    if new_password:
        # NOTE(review): passlib deprecated ``encrypt`` in favour of ``hash``;
        # confirm the installed version still accepts it.
        account.password = sha256_crypt.encrypt(new_password)
    account.name = form.name.data
    account.email = form.email.data
    account.profile_info = form.profile_info.data
    db.session.commit()
    return redirect(url_for("accounts_profile", account_id=account_id))
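def ryhmat_menneet_muokkaa(kokous_id):
    """Render the attendance list of past meeting ``kokous_id`` for editing.

    An unknown meeting is answered with ``login_manager.unauthorized()``
    instead of raising on ``kokous.ryhmaid``; otherwise access is checked
    with ``ryhma_autorisaatio`` on the meeting's group.
    """
    kokous = Kokous.query.get(kokous_id)
    if kokous is None or not ryhma_autorisaatio(kokous.ryhmaid):
        return login_manager.unauthorized()
    return render_template("ryhmat/lasnalista.html", kokous=kokous, ryhma=kokous.ryhma)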
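def skills_update(skill_id):
    """Update the work and other experience (in months) of skill ``skill_id``.

    Only the owner may edit (``Skill.is_owned_by``); an unknown skill now
    gets ``login_manager.unauthorized()`` instead of an AttributeError.
    Years and months from the form are folded into a single month count.
    """
    skill = Skill.query.get(skill_id)
    if skill is None or not skill.is_owned_by(current_user.id):
        return login_manager.unauthorized()

    form = SkillForm(request.form)
    if not form.validate():
        return render_template(
            "skills/skills.html",
            form=form,
            skills=Skill.query.filter_by(owner_id=current_user.id))
    if not __validate_experience(form):
        return render_template(
            "skills/skills.html",
            form=form,
            skills=Skill.query.filter_by(owner_id=current_user.id),
            error="You must give an experience to skill")

    # NOTE(review): both Experience rows are assumed to exist for every
    # skill; a missing one would raise below — confirm they are created
    # together with the skill.
    work_experience = Experience.query \
        .filter_by(skill_id=skill_id, experience_type="Work experience") \
        .first()
    other_experience = Experience.query \
        .filter_by(skill_id=skill_id, experience_type="Other experience") \
        .first()
    work_experience.experience = (form.work_experience_years.data * 12
                                  + form.work_experience_months.data)
    other_experience.experience = (form.other_experience_years.data * 12
                                   + form.other_experience_months.data)
    db.session.commit()
    return redirect(url_for("skills_my"))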
def ryhmat_kokoukset_uusisarja(ryhma_id: int):
    """Render the form for adding a series of recurring meetings to group ``ryhma_id``."""
    if not ryhma_autorisaatio(ryhma_id):
        return login_manager.unauthorized()
    return render_template("ryhmat/uusisarja.html",
                           ryhma=Ryhma.query.get(ryhma_id),
                           form=KokousSarjaForm())
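def auth_change_password(user_id):
    """Change the password of user ``user_id`` after checking the old one.

    ``user_id`` arrives as a string; non-numeric values are redirected away.
    Only the user themselves or a superuser may do this.  GET renders the
    form, POST verifies the hidden id, validates and compares the old
    password before storing the new one.
    """
    if not user_id.isdigit():
        return redirect("index")
    if int(user_id) != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserPasswordForm()
        form.id.data = user_id
        return render_template("auth/edit_password.html", form=form)

    form = EditUserPasswordForm(request.form)
    # ``or ""`` keeps a missing hidden field from raising on .isdigit().
    submitted_id = form.id.data or ""
    if (not submitted_id.isdigit()
            or int(submitted_id) != int(user_id)
            or not form.validate()):
        return render_template("auth/edit_password.html", form=form)

    user = User.query.get(user_id)
    if user is None:
        # Numeric but unknown id: the original raised on attribute access.
        return login_manager.unauthorized()

    # NOTE(review): the password is compared and stored in clear text here.
    # The User model should keep a salted hash and expose check/set helpers;
    # that fix lives in the model, outside this view.
    if form.old_password.data != user.password:
        form.old_password.errors.append("Väärä salasana")
        return render_template("auth/edit_password.html", form=form)

    user.password = form.new_password.data
    db.session.commit()
    return redirect(url_for("show_profile", user_id=user_id))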
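def recipe_update(recipe_id):
    """Edit recipe ``recipe_id``: GET shows the prefilled form, POST saves it.

    The original prefilled the form from the database *before* validating
    a POST, so ``validate()`` checked the stored values rather than the
    submitted ones and the unvalidated submission was then saved.  Here the
    database values are only used to prefill on GET.  An unknown recipe
    gets ``login_manager.unauthorized()`` instead of raising.
    """
    recipe = Recipe.query.get(recipe_id)
    if recipe is None or recipe.account_id != current_user.id:
        return login_manager.unauthorized()

    if request.method == "GET":
        form = RecipeForm()
        form.name.data = recipe.name
        form.ingredients.data = recipe.ingredients
        form.recipetext.data = recipe.recipe_text
        form.tips.data = recipe.tips
        return render_template("recipes/editrecipe.html", form=form, recipe=recipe)

    form = RecipeForm(request.form)
    if not form.validate():
        # The recipe is kept in the context so the template can render it as on GET.
        return render_template("recipes/editrecipe.html", form=form, recipe=recipe)

    recipe.name = form.name.data
    recipe.ingredients = form.ingredients.data
    recipe.recipe_text = form.recipetext.data
    recipe.tips = form.tips.data
    # The instance is already persistent; commit alone flushes the changes.
    db.session().commit()
    return redirect(url_for("recipes_index"))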
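def auth_edit_profile(user_id):
    """Edit name, username and e-mail of user ``user_id``.

    ``user_id`` arrives as a string; non-numeric values are redirected away.
    Only the user themselves or a superuser may edit.  GET renders the form
    prefilled from the database, POST validates and saves.
    """
    if not user_id.isdigit():
        return redirect("index")
    if int(user_id) != current_user.id and not current_user.is_superuser():
        return login_manager.unauthorized()

    user = User.query.get(user_id)
    if user is None:
        # Numeric but unknown id: the original raised on attribute access.
        return login_manager.unauthorized()

    if request.method == "GET":
        form = EditUserForm(obj=user)
        return render_template("auth/edit_profile.html", form=form)

    form = EditUserForm(request.form)
    # The hidden form id must match the URL id; ``or ""`` keeps a missing
    # field from raising on .isdigit().
    submitted_id = form.id.data or ""
    if (not submitted_id.isdigit()
            or int(submitted_id) != int(user_id)
            or not form.validate()):
        return render_template("auth/edit_profile.html", form=form)

    user.name = form.name.data
    user.username = form.username.data
    user.email = form.email.data
    db.session.commit()
    return redirect(url_for("show_profile", user_id=user_id))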
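def reviews_modify(review_id):
    """Edit review ``review_id``: GET shows the prefilled form, POST saves it.

    ``Review.get_review_by_id`` returns a mapping with ``account_id``,
    ``stars``, ``author``, ``book`` and ``review`` keys; only the owning
    account may edit.  The local was renamed from ``re`` so the stdlib
    module is not shadowed, and a missing review now gets
    ``login_manager.unauthorized()`` instead of a TypeError.
    """
    # NOTE(review): assumes get_review_by_id returns None for an unknown id —
    # confirm against the model.
    review_row = Review.get_review_by_id(review_id)
    if review_row is None or review_row['account_id'] != current_user.id:
        return login_manager.unauthorized()

    if request.method == "GET":
        form = ReviewForm(stars=review_row['stars'])
        form.author.data = review_row['author']
        form.name.data = review_row['book']
        form.review.data = review_row['review']
        return render_template("reviews/modify.html", form=form, review_id=review_id)

    form = ReviewForm(request.form)
    if not form.validate():
        return render_template("reviews/modify.html", form=form)

    review = Review.query.get(review_id)
    if review is None:
        return login_manager.unauthorized()
    review.review = form.review.data
    review.stars = form.stars.data
    db.session().commit()
    return redirect(url_for("reviews_index"))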
def henkilotiedot_uusi_huollettava():
    """Self-service creation of a new ward: render the empty form.

    Requires an authenticated adult (``current_user.aikuinen()``).
    """
    allowed = (current_user
               and current_user.is_authenticated()
               and current_user.aikuinen())
    if not allowed:
        return login_manager.unauthorized()
    return render_template("henkilotiedot/uusihuollettava.html",
                           form=HenkiloTiedotLapsiForm())