예제 #1
파일: exercises.py 프로젝트: pinjaw/while
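def modify_exercise(id):
    """Validate the admin's exercise edit form and store the changes.

    Responds with 403 unless ``authentication.is_admin()`` is true and the
    posted ``csrf_token`` equals ``authentication.get_csrf_token()``. The
    fields are then validated one by one; the first failure re-renders the
    edit form with the matching error message. On success the exercise is
    updated through ``exerciseDAO`` and the browser is redirected to the
    exercise page.
    """
    # Authorization and the CSRF token are checked before any other form
    # field is read, so an unauthorized request never reaches the DAO.
    # NOTE(review): ``!=`` is not a constant-time comparison; consider
    # hmac.compare_digest once both values are confirmed to be str.
    if (not authentication.is_admin()
            or authentication.get_csrf_token() != request.form["csrf_token"]):
        abort(403)

    form_template = "exercises/admin/modifyexercise.html"
    heading = request.form["heading"]
    description = request.form["description"]
    topic = request.form["topic"]
    input_size = request.form["input_size"]
    order = request.form["order"]

    if not heading:
        return render_template(form_template,
                               headingError=messages.empty_heading(),
                               id=id)
    if not description:
        return render_template(form_template,
                               descriptionError=messages.empty_description(),
                               id=id)
    # str.isdecimal() is used instead of str.isnumeric(): isnumeric() accepts
    # characters such as "½" or "²" that int() rejects, which would turn a
    # bad form value into an unhandled ValueError. Empty strings are rejected
    # too, because "".isdecimal() is False.
    if not topic.isdecimal():
        return render_template(form_template,
                               topicError=messages.invalid_topic(),
                               id=id)
    if not input_size.isdecimal():
        return render_template(form_template,
                               inputError=messages.invalid_input_size(),
                               id=id)
    if not order.isdecimal():
        # The original rendered "exercises/admin/newexercise.html" here, the
        # only branch that left the edit form; it now matches the others.
        return render_template(form_template,
                               orderError=messages.invalid_order(),
                               id=id)

    exerciseDAO.update_exercise(heading, description, int(topic),
                                int(input_size), int(order), id)
    return redirect("/exercise/" + str(id))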
예제 #2
def admin_list():
    """Render the admin list page for an authenticated admin.

    Anyone who fails ``is_authenticated()`` or ``is_admin()`` is redirected
    to the ``login`` endpoint instead.
    """
    allowed = is_authenticated() and is_admin()
    if not allowed:
        return redirect(url_for('login'))

    # load_users_admins is called with AdminModel; its result is passed to
    # the template unchanged.
    return render_template("admin/admin_list.html",
                           users=load_users_admins(AdminModel))
예제 #3
def register_admin():
    """Show the admin registration form or create an admin from a valid one.

    Callers must pass ``is_authenticated()``, ``is_admin()`` and
    ``is_supper()``; otherwise they are redirected to the ``login`` endpoint.
    A GET request, or a submission that fails validation, renders the form.
    A valid submission with an unused email adds an ``AdminModel`` row and
    redirects back to this view.
    """
    if not (is_authenticated() and is_admin() and is_supper()):
        return redirect(url_for('login'))

    page = "admin/register_admin.html"
    form = AdminRegisterForm()

    # form.validate() is only reached for non-GET requests.
    # NOTE(review): no explicit CSRF check is visible here; presumably the
    # form class validates a token - confirm.
    if request.method == "GET" or not form.validate():
        return render_template(page, form = form)

    # NOTE(review): uniqueness is checked on the email as typed, while the
    # stored value is lower-cased - confirm email_is_unique normalises case.
    if not email_is_unique(AdminModel, form.email.data, "add"):
        flash("email already taken", category="emailNotUnique")
        return render_template(page, form = form)

    # NOTE(review): the form password is handed to AdminModel as submitted;
    # presumably the model hashes it - confirm.
    new_admin = AdminModel(form.name.data, form.email.data.lower(),
                           form.password.data)
    db.session.add(new_admin)
    db.session.commit()
    flash("Admin Created", category="addSuccess")
    return redirect(url_for('register_admin'))
예제 #4
def show_all_submissions(id):
    """Render every submission for exercise ``id``; admins only.

    Responds with 403 when ``authentication.is_admin()`` is false.
    """
    if not authentication.is_admin():
        abort(403)

    menu = get_menu_info(id)
    # The logged-in user is looked up as in the original, but the value is
    # not used by this view.
    _ = authentication.get_logged_user()
    rows = submissionDAO.get_submissions_by_exercise_id(id)

    # menu is indexed positionally: 0 -> heading, 1 -> solved, 2 -> admin.
    return render_template(
        "exercises/submissions.html",
        id=id,
        heading=menu[0],
        solved=menu[1],
        admin=menu[2],
        submissions=rows,
    )
예제 #5
def change_password():
    """Change the password of the logged-in user or admin.

    The view serves both roles, so ``is_admin()`` selects which profile form,
    template and redirect endpoint are used. The old password must pass
    ``verify_password`` before the new one is hashed with ``pbkdf2_sha256``
    and committed.
    """
    if not is_authenticated():
        return redirect(url_for('login'))

    if is_admin():
        form = AdminUpdateForm()
        pass_form = changePasswordForm()
        template_name = "admin/edit_profile_admin.html"
        success_endpoint = "admin_manage_profile"
    else:
        form = UserUpdateForm()
        pass_form = changePasswordForm()
        template_name = "edit_profile.html"
        success_endpoint = "profile"

    account = current_user()

    # An invalid password form is shown again with its validation errors.
    if not pass_form.validate():
        return render_template(template_name, form=form, pass_form=pass_form)

    # The current password is re-checked before it may be replaced.
    if not verify_password(pass_form.old_password.data):
        flash("Invalid Password", category="old_pass_incorect")
        return render_template(template_name, form=form, pass_form=pass_form)

    # Only the hash of the new password is stored.
    account.password = pbkdf2_sha256.hash(pass_form.new_password.data)
    db.session.commit()
    flash("Password Changed", category="addSuccess")
    return redirect(url_for(success_endpoint))
예제 #6
def register():
    """Show the user registration form or add a user from a valid one.

    Only an authenticated admin may use this view; everyone else is
    redirected to the ``login`` endpoint. A GET request, or a submission that
    fails validation, renders the form. A valid submission with an unused
    email adds a ``UserModel`` row and redirects back to this view.
    """
    if not (is_authenticated() and is_admin()):
        return redirect(url_for('login'))

    page = "admin/register.html"
    form = UserRegisterForm()

    # form.validate() is only reached for non-GET requests.
    if request.method == "GET" or not form.validate():
        return render_template(page, form = form)

    if not email_is_unique(UserModel, form.email.data, "add"):
        flash("email already taken", category="emailNotUnique")
        return render_template(page, form = form)

    # NOTE(review): the form password is handed to UserModel as submitted;
    # presumably the model hashes it - confirm.
    new_user = UserModel(form.name.data, form.address.data,
                         form.email.data.lower(), form.password.data)
    db.session.add(new_user)
    db.session.commit()
    flash("User Created", category="addSuccess")
    return redirect(url_for('register'))
def check_balance():
    """Generate a balance receipt for the logged-in normal user.

    Unauthenticated callers and admins are redirected to the ``login``
    endpoint. Afterwards the browser is sent back to the referring page.
    """
    # Only an authenticated, non-admin account may continue.
    if not (is_authenticated() and not is_admin()):
        return redirect(url_for('login'))

    Recipt.balance_reciept()

    # NOTE(review): request.referrer is taken from the client-supplied
    # Referer header and may be missing or point off-site; consider a fixed
    # fallback target and a same-origin check.
    back_to = request.referrer
    return redirect(back_to)
예제 #8
파일: exercises.py 프로젝트: pinjaw/while
def list_tests(id):
    """Render the test-case editing page for exercise ``id``; admins only.

    Responds with 403 when ``authentication.is_admin()`` is false.
    """
    caller_is_admin = authentication.is_admin()
    if not caller_is_admin:
        abort(403)

    context = {
        "heading": exerciseDAO.get_heading(id),
        "id": id,
        "tests": exerciseDAO.get_tests(id),
    }
    return render_template("exercises/admin/modifytests.html", **context)
예제 #9
파일: exercises.py 프로젝트: pinjaw/while
def list_exercises():
    """Render the exercise list for topics 1 and 2.

    The admin flag and the logged-in username are read from
    ``authentication``; the username is passed to the DAO with each topic.
    No access check is made in this view.
    """
    is_admin_user = authentication.is_admin()
    current_username = authentication.get_logged_user()

    first_topic = exerciseDAO.get_exercises_by_topic_in_order(
        1, current_username)
    second_topic = exerciseDAO.get_exercises_by_topic_in_order(
        2, current_username)

    return render_template(
        "exercises/exerciselist.html",
        topic1=first_topic,
        topic2=second_topic,
        admin=is_admin_user,
    )
예제 #10
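def delete_users():
    """Delete the user whose id was posted in the form; admins only.

    Callers who fail ``is_authenticated()`` or ``is_admin()`` are redirected
    to the ``login`` endpoint. If no user matches the posted id, nothing is
    deleted and the browser is sent back to the referring page.
    """
    if not is_authenticated() or not is_admin():
        return redirect(url_for('login'))

    # NOTE(review): this handler reads request.form directly and shows no
    # CSRF token check; confirm that app-wide CSRF protection covers this
    # state-changing route.
    id = request.form.get("id")
    user = UserModel.query.get(id)

    # A missing or unknown id yields None; passing None to
    # db.session.delete() would raise, so return without deleting.
    if user is None:
        return redirect(request.referrer)

    db.session.delete(user)
    db.session.commit()
    flash("Recored Deleted", category="addSuccess")
    # NOTE(review): request.referrer comes from the client-supplied Referer
    # header and may be missing; consider a fixed fallback target.
    return redirect(request.referrer)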
예제 #11
파일: exercises.py 프로젝트: pinjaw/while
def show_exercise(id):
    """Render the page for exercise ``id``.

    The exercise row is indexed positionally: element 0 is passed to the
    template as the heading and element 1 as the description. The template
    also receives the solved flag, the admin flag and an empty error string.
    """
    row = exerciseDAO.get_exercise(id)
    already_solved = submissions.is_solved(id)
    is_admin_user = authentication.is_admin()

    # NOTE(review): row is indexed without checking that the exercise was
    # found - confirm what get_exercise returns for an unknown id.
    context = {
        "id": id,
        "heading": row[0],
        "solved": already_solved,
        "admin": is_admin_user,
        "description": row[1],
        "error": "",
    }
    return render_template("exercises/exercise.html", **context)
예제 #12
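def post_comment(id):
    """Store a comment on exercise ``id`` for the logged-in user.

    Responds with 403 unless the user is logged in and the posted CSRF token
    is accepted, and again unless the user has solved the exercise or is an
    admin. Comments longer than 10000 characters are not stored. The browser
    is always redirected to the comment page afterwards.
    """
    token = request.form["csrf_token"]
    if not (authentication.user_is_logged_in()
            and authentication.correct_csrf_token(token)):
        abort(403)

    # The original tested the bare name ``is_solved``; a function object is
    # always truthy, so this check could never reject anyone. Calling it for
    # this exercise restores the intended rule: only solvers and admins may
    # comment.
    if not (is_solved(id) or authentication.is_admin()):
        abort(403)

    username = authentication.get_logged_user()
    comment = request.form["comment"]
    # NOTE(review): an over-long comment is dropped silently, yet the user is
    # still redirected to the ".../ok" page.
    if len(comment) <= 10000:
        submissionDAO.post_comment(username, comment, id)
    return redirect("/comments/" + str(id) + "/ok")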
예제 #13
파일: exercises.py 프로젝트: pinjaw/while
def show_modify_exercise(id):
    """Render the exercise edit form filled with current values; admins only.

    Responds with 403 when ``authentication.is_admin()`` is false. The
    exercise row is indexed positionally, elements 0 to 4 becoming heading,
    description, topic, input size and order.
    """
    if not authentication.is_admin():
        abort(403)

    row = exerciseDAO.get_exercise(id)
    current_values = {
        "current_heading": row[0],
        "current_description": row[1],
        "current_topic": row[2],
        "current_input_size": row[3],
        "current_order": row[4],
    }
    return render_template("exercises/admin/modifyexercise.html",
                           id=id,
                           **current_values)
예제 #14
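def delete_admins():
    """Delete the admin whose id was posted in the form.

    Callers must pass ``is_authenticated()``, ``is_admin()`` and
    ``is_supper()``; otherwise they are redirected to the ``admin_list``
    endpoint. An account whose ``is_supper`` attribute is set is never
    deleted, and an unknown id deletes nothing; in both cases the browser is
    sent back to the referring page.
    """
    if not is_authenticated() or not is_admin() or not is_supper():
        return redirect(url_for('admin_list'))

    # NOTE(review): this handler reads request.form directly and shows no
    # CSRF token check; confirm that app-wide CSRF protection covers this
    # state-changing route.
    id = request.form.get("id")
    user = AdminModel.query.get(id)

    # A missing or unknown id yields None; the original then failed on
    # ``user.is_supper``. Both cases now return without deleting.
    if user is None or user.is_supper:
        return redirect(request.referrer)

    db.session.delete(user)
    db.session.commit()
    flash("Recored Deleted", category="addSuccess")
    # NOTE(review): request.referrer comes from the client-supplied Referer
    # header and may be missing; consider a fixed fallback target.
    return redirect(request.referrer)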
예제 #15
파일: exercises.py 프로젝트: pinjaw/while
def modify_test(id):
    """Modify, delete or create a test case of exercise ``id``; admins only.

    Responds with 403 unless ``authentication.is_admin()`` is true and the
    posted ``csrf_token`` equals ``authentication.get_csrf_token()``. The
    ``modbutton`` form value selects the action. The browser is always
    redirected to the exercise's test list afterwards.
    """
    caller_is_admin = authentication.is_admin()
    if not caller_is_admin or (authentication.get_csrf_token()
                               != request.form["csrf_token"]):
        abort(403)

    test_input = request.form["input"]
    expected_output = request.form["output"]
    action = request.form["modbutton"]

    if action == "modify":
        test_id = request.form["id"]
        input_size = exerciseDAO.get_input_size(id)
        # The update is applied only when the input matches the formatter
        # pattern, has input_size whitespace-separated values, and the
        # output is numeric; otherwise it is skipped silently.
        # NOTE(review): test_id comes from the form and is not checked
        # against exercise ``id`` in this function.
        well_formed = (messages.input_formatter().fullmatch(test_input)
                       and len(test_input.split()) == input_size
                       and expected_output.isnumeric())
        if well_formed:
            exerciseDAO.update_test(test_input, expected_output, test_id)
    elif action == "delete":
        test_id = request.form["id"]
        exerciseDAO.remove_test(test_id)
    elif action == "new":
        input_size = exerciseDAO.get_input_size(id)
        create_new_test(id, test_input, expected_output, input_size)

    return redirect("/modifyexercise/" + str(id) + "/tests")
def deposit_money():
    """Show the deposit form or add the submitted amount to the balance.

    Unauthenticated callers and admins are redirected to the ``login``
    endpoint. A GET request, or a submission that fails validation, renders
    the form. A valid submission increases the balance, optionally produces a
    receipt, and redirects back to this view.
    """
    # Only an authenticated, non-admin account may continue.
    if not (is_authenticated() and not is_admin()):
        return redirect(url_for('login'))

    form = DepositMoneyForm()

    # form.validate() is only reached for non-GET requests.
    if request.method == "GET" or not form.validate():
        return render_template("deposit.html", form=form)

    # NOTE(review): the amount is only as constrained as the form's
    # validators - confirm that DepositMoneyForm rejects negative values.
    account = current_user()
    account.balance += int(form.amount.data)
    db.session.commit()
    flash("Seccessfully Deposited", category="addSuccess")

    # The receipt is produced only when the form's receipt field is set.
    if form.reciept.data:
        Recipt.deposit_reciept(current_user().balance, form.amount.data)
    return redirect(url_for('deposit_money'))
def profile():
    """Show or update the profile of the logged-in normal user.

    Unauthenticated callers and admins are redirected to the ``login``
    endpoint. A GET request renders the form filled with the stored name,
    address and email. Any other request validates the form, checks that the
    email is unused and re-verifies the password before saving.
    """
    # Only an authenticated, non-admin account may continue.
    if not (is_authenticated() and not is_admin()):
        return redirect(url_for('login'))

    page = "edit_profile.html"
    form = UserUpdateForm()
    pass_form = changePasswordForm()
    user = current_user()

    if request.method == "GET":
        form.name.data = user.name
        form.address.data = user.address
        form.email.data = user.email
        return render_template(page, form = form, pass_form = pass_form)

    if not form.validate():
        return render_template(page, form = form, pass_form = pass_form)

    if not email_is_unique(UserModel, form.email.data, 'update'):
        flash("email already taken", category="emailNotUnique")
        return render_template(page, form=form, pass_form=pass_form)

    # Profile changes require the current password to be confirmed.
    if not verify_password(form.password_verify.data):
        flash("Invalid Password", category="passwordIncorrect")
        return render_template(page, form=form, pass_form=pass_form)

    user.name = form.name.data
    user.address = form.address.data
    user.email = form.email.data.lower()
    db.session.commit()
    flash("User Updated", category="addSuccess")
    return redirect(url_for('profile'))
예제 #18
def admin_manage_profile():
    """Show or update the profile of the logged-in admin.

    Callers who fail ``is_authenticated()`` or ``is_admin()`` are redirected
    to the ``login`` endpoint. A GET request renders the form filled with the
    stored name and email. Any other request validates the form, checks that
    the email is unused and re-verifies the password before saving.
    """
    if not (is_authenticated() and is_admin()):
        return redirect(url_for('login'))

    page = "admin/edit_profile_admin.html"
    form = AdminUpdateForm()
    pass_form = changePasswordForm()

    if request.method == "GET":
        # Fields fall back to empty strings when current_user() is falsy.
        form.name.data = current_user().name if current_user() else ""
        form.email.data = current_user().email if current_user() else ""
        return render_template(page, form=form, pass_form=pass_form)

    if not form.validate():
        return render_template(page, form=form, pass_form=pass_form)

    if not email_is_unique(AdminModel, form.email.data, 'update'):
        flash("email already taken", category="emailNotUnique")
        return render_template(page, form=form, pass_form=pass_form)

    # Profile changes require the current password to be confirmed.
    if not verify_password(form.password_verify.data):
        flash("Invalid Password", category="passwordIncorrect")
        return render_template(page, form=form, pass_form=pass_form)

    account = current_user()
    account.name = form.name.data
    account.email = form.email.data.lower()
    db.session.commit()
    flash("Admin Updated", category="addSuccess")
    return redirect(url_for('admin_manage_profile'))
예제 #19
def get_menu_info(id):
    """Return ``(heading, solved, admin)`` for exercise ``id``.

    The heading comes from ``exerciseDAO.get_heading``, the solved flag from
    ``is_solved`` and the admin flag from ``authentication.is_admin``.
    """
    # Tuple elements are evaluated left to right, which keeps the original
    # call order.
    return (
        exerciseDAO.get_heading(id),
        is_solved(id),
        authentication.is_admin(),
    )
def index():
    """Render the index page for an authenticated normal user.

    Unauthenticated callers and admins are redirected to the ``login``
    endpoint.
    """
    # Only an authenticated, non-admin account may see the index page.
    if is_authenticated() and not is_admin():
        return render_template("index.html")
    return redirect(url_for('login'))
예제 #21
파일: exercises.py 프로젝트: pinjaw/while
def show_new_exercise():
    """Render the empty new-exercise form; admins only.

    Responds with 403 when ``authentication.is_admin()`` is false.
    """
    caller_is_admin = authentication.is_admin()
    if not caller_is_admin:
        abort(403)
    return render_template("exercises/admin/newexercise.html")