예제 #1
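def history():
    """Render query history: any user's for admins, the caller's own otherwise.

    Admins get a lookup form (``admin.html``). On a valid submission the
    posts of the requested username are rendered with ``history.html``.
    Non-admins only see posts filtered by the ``user_id`` held in their own
    session, so they cannot select another account through this view.

    Raises:
        KeyError: if a non-admin session lacks ``user_id`` or ``username``.
    """
    # NOTE(review): no login guard is visible on this view. get_is_admin()
    # presumably needs an authenticated current_user -- confirm the route is
    # protected where it is registered.
    if not current_user.get_is_admin():
        # The scope is taken from the session, never from request parameters.
        user_id = session['user_id']
        numqueries = Post.query.filter_by(user_id=user_id).count()
        posts = Post.query.filter_by(user_id=user_id)
        return render_template('history.html',
                               posts=posts,
                               numqueries=numqueries,
                               user_id=user_id,
                               userquery=session['username'])

    users = User.query.all()
    form = AdminQuery()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        # .first() returns None for an unknown username. Fall through to the
        # lookup form instead of raising AttributeError (an HTTP 500).
        if user is not None:
            user_id = user.id
            numqueries = Post.query.filter_by(user_id=user_id).count()
            posts = Post.query.filter_by(user_id=user_id)
            return render_template('history.html',
                                   posts=posts,
                                   userquery=user.username,
                                   user_id=user_id,
                                   numqueries=numqueries)
    return render_template('admin.html', form=form, users=users)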
예제 #2
def add_faculty():
    """Admin-only view that lists, inserts and updates FACULTIES rows.

    GET (any non-POST method) renders ``add_faculty.html`` with every
    faculty. POST reads the faculty name and code plus a ``form-name``
    discriminator, then either inserts a row (``AddFaculty``) or updates the
    row named by ``faculty-id`` (``AddFacultyUpdate``), and finally redirects
    to ``site.AddFaculty``. All SQL values are passed as bound parameters.
    """
    # Authorization runs first so non-admins never reach the database code.
    # NOTE(review): 401 is returned here; 403 is the usual status for a
    # logged-in user lacking the role -- confirm which one clients expect.
    if not current_user.get_is_admin():
        abort(401)

    if request.method != 'POST':
        with dbapi2.connect(current_app.config['dsn']) as conn:
            cur = conn.cursor()
            select_sql = """SELECT FACULTYCODE, FACULTYNAME, ID FROM FACULTIES"""
            cur.execute(select_sql)
            conn.commit()
            rows = cur.fetchall()
            return render_template("add_faculty.html", faculties=rows)

    # NOTE(review): fields are read straight from request.form and no CSRF
    # token check is visible in this view -- confirm it is enforced globally
    # for this state-changing POST.
    name = request.form['InputFacultyName']
    code = request.form['InputFacultyCode']
    action = request.form['form-name']

    if action == "AddFaculty":
        with dbapi2.connect(current_app.config['dsn']) as conn:
            created = Faculty(name, code)
            cur = conn.cursor()
            insert_sql = """INSERT INTO FACULTIES(FACULTYNAME, FACULTYCODE) VALUES (%s, %s)"""
            cur.execute(insert_sql,
                        (created.facultyName, created.facultyCode))
            conn.commit()
    if action == "AddFacultyUpdate":
        target_id = request.form['faculty-id']
        with dbapi2.connect(current_app.config['dsn']) as conn:
            edited = Faculty(name, code)
            cur = conn.cursor()
            update_sql = """UPDATE FACULTIES SET FACULTYNAME=%s, FACULTYCODE=%s WHERE ID=%s"""
            cur.execute(update_sql,
                        (edited.facultyName, edited.facultyCode, target_id))
            conn.commit()
    return redirect((url_for('site.AddFaculty')))
예제 #3
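def query(post_id):
    """Show one post to its author or an admin; otherwise ``forbidden.html``.

    The view fails closed: an unknown ``post_id`` and any error raised during
    the lookup or the permission check produce the same ``forbidden.html``
    page as a denied request, so the response does not reveal whether the
    post exists.
    """
    # NOTE(review): forbidden.html is returned with the default 200 status.
    # A 403 would make denials visible in access logs -- confirm that no
    # client depends on the 200.
    try:
        post = Post.query.get(post_id)
        # An unknown id yields None. Deny explicitly rather than relying on
        # the AttributeError from post.get_author().
        if post is None:
            return render_template("forbidden.html")
        is_author = post.get_author() == current_user.username
        if is_author or current_user.get_is_admin():
            return render_template("queryid.html", post=post)
        return render_template("forbidden.html")
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit and KeyboardInterrupt
        # are no longer swallowed; ordinary errors are still denied.
        return render_template("forbidden.html")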
예제 #4
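def post(queryid):
    """Render a single post for its owner or an admin, else ``noauth.html``.

    Ownership is decided by comparing the post's ``user_id`` with the
    ``user_id`` stored in the session. An unknown ``queryid`` gets the same
    ``noauth.html`` page as a denied request, so the response does not reveal
    which ids exist.

    Raises:
        KeyError: if the session has no ``user_id``.
    """
    record = Post.query.filter_by(id=queryid).first()
    # .first() returns None for an unknown id. Deny instead of raising
    # AttributeError (an HTTP 500) on record.user_id.
    if record is None:
        return render_template('noauth.html')

    # session['user_id'] is indexed deliberately (no .get()): a missing key
    # must not compare equal to a post whose user_id is None.
    if record.user_id == session['user_id'] or current_user.get_is_admin():
        posts = Post.query.filter_by(id=queryid)
        return render_template('query.html', posts=posts)

    # NOTE(review): the denial page is served with the default 200 status --
    # confirm whether a 403 is wanted.
    return render_template('noauth.html')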
예제 #5
def login_history():
    """Admin panel: list all users and optionally look one up by id.

    Non-admins get ``forbidden.html``. Admins get ``admin.html`` with the
    form and the full user list. After a valid submission the template also
    receives ``user``, the row fetched for the submitted ``userid``.
    """
    # Deny first so the user table is only queried for admins.
    if not current_user.get_is_admin():
        return render_template('forbidden.html')

    form = LoginHistory()
    users = User.query.all()
    context = {"title": "Admin Panel", "form": form, "users": users}
    if form.validate_on_submit():
        # Query.get() returns None for an unknown id; the template receives
        # it unchanged. TODO confirm admin.html handles a missing user.
        context["user"] = User.query.get(form.userid.data)
    return render_template('admin.html', **context)
예제 #6
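def login_history():
    """Admin view of login history, optionally filtered to one ``user_id``.

    Non-admins get ``noauth.html``. Admins get ``login_history.html`` with
    the filter form and every history row. After a valid submission that
    matches at least one row, ``admin_view.html`` is rendered with the
    matching rows. A submission with no match falls back to the form page.
    """
    # Deny first so the history table is only queried for admins.
    if not current_user.get_is_admin():
        return render_template('noauth.html')

    histories = LoginHistory.query.all()
    form = HistoryForm()
    if form.validate_on_submit():
        first_match = LoginHistory.query.filter_by(
            user_id=form.user_id.data).first()
        # .first() returns None when the id has no login rows. Fall through
        # to the form instead of raising AttributeError (an HTTP 500).
        if first_match is not None:
            history = LoginHistory.query.filter_by(user_id=form.user_id.data)
            return render_template('admin_view.html',
                                   histories=histories,
                                   history=history,
                                   user_id=first_match.user_id)
    return render_template('login_history.html',
                           form=form,
                           histories=histories)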
예제 #7
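def history():
    """Render submission history: any user's for admins, else the caller's.

    Admins get ``admin_history.html`` with a username form and the user
    list. A valid submission naming an existing user renders that user's
    posts with ``history.html``. Non-admins always get their own posts,
    taken from ``current_user``, so they cannot choose another account.
    """
    # NOTE(review): no login guard is visible on this view. get_is_admin()
    # presumably needs an authenticated current_user -- confirm the route is
    # protected where it is registered.
    if not current_user.get_is_admin():
        posts = current_user.post.all()
        title = current_user.username + "'s Submission History"
        return render_template('history.html',
                               title=title,
                               posts=posts,
                               user=current_user)

    users = User.query.all()
    form = QueryHistory()
    if form.validate_on_submit():
        requested_user = User.query.filter_by(
            username=form.username.data).first()
        # .first() returns None for an unknown username. Fall through to the
        # form instead of raising AttributeError (an HTTP 500).
        if requested_user is not None:
            return render_template('history.html',
                                   posts=requested_user.post.all(),
                                   user=requested_user)
    return render_template('admin_history.html', form=form, users=users)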