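def history():
    """Render query history: any user's for admins, only the caller's otherwise.

    Admins get the ``AdminQuery`` lookup form; a valid submission naming an
    existing user renders that user's posts. Non-admins are always scoped to
    the ``user_id`` held in their session.

    Returns:
        The rendered ``history.html`` page, or ``admin.html`` when an admin
        has not (successfully) looked a user up yet.
    """
    if not current_user.get_is_admin():
        # The scope comes from the session, not from a request parameter, so
        # a regular user has no way to name another account here.
        user_id = session['user_id']
        username = session['username']
        own_posts = Post.query.filter_by(user_id=user_id)
        return render_template('history.html',
                               posts=own_posts,
                               numqueries=own_posts.count(),
                               user_id=user_id,
                               userquery=username)

    users = User.query.all()
    form = AdminQuery()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        # .first() returns None for an unknown username; without this guard
        # the attribute access below raised AttributeError (HTTP 500).
        if user is not None:
            user_posts = Post.query.filter_by(user_id=user.id)
            return render_template('history.html',
                                   posts=user_posts,
                                   userquery=user.username,
                                   user_id=user.id,
                                   numqueries=user_posts.count())
    # No submission, an invalid form, or an unknown username: show the form.
    return render_template('admin.html', form=form, users=users)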
def add_faculty():
    """Admin-only view that lists, inserts and updates rows of FACULTIES.

    GET renders ``add_faculty.html`` with every faculty row. POST reads the
    faculty name, code and the ``form-name`` discriminator from the form,
    runs an INSERT (``AddFaculty``) or UPDATE (``AddFacultyUpdate``), then
    redirects to ``site.AddFaculty``.
    """
    # Authorization gate runs before any form data or database access.
    # NOTE(review): 401 normally means "not authenticated"; for a logged-in
    # non-admin 403 would be the usual status - confirm intent before changing.
    if not current_user.get_is_admin():
        abort(401)

    if request.method != 'POST':
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            select_sql = """SELECT FACULTYCODE, FACULTYNAME, ID FROM FACULTIES"""
            cursor.execute(select_sql)
            connection.commit()
            faculties = cursor.fetchall()
        return render_template("add_faculty.html", faculties=faculties)

    # NOTE(review): no CSRF token check is visible in this function; verify
    # that the application enforces one for this state-changing POST.
    name = request.form['InputFacultyName']
    code = request.form['InputFacultyCode']
    form_kind = request.form['form-name']

    if form_kind == "AddFaculty":
        with dbapi2.connect(current_app.config['dsn']) as connection:
            record = Faculty(name, code)
            cursor = connection.cursor()
            # Values travel as a separate parameter tuple; they are never
            # formatted into the SQL text.
            insert_sql = """INSERT INTO FACULTIES(FACULTYNAME, FACULTYCODE) VALUES (%s, %s)"""
            cursor.execute(insert_sql,
                           (record.facultyName, record.facultyCode))
            connection.commit()
    elif form_kind == "AddFacultyUpdate":
        # NOTE(review): the row id comes straight from the form and is not
        # checked to be an integer before it reaches the database driver.
        row_id = request.form['faculty-id']
        with dbapi2.connect(current_app.config['dsn']) as connection:
            record = Faculty(name, code)
            cursor = connection.cursor()
            update_sql = """UPDATE FACULTIES SET FACULTYNAME=%s, FACULTYCODE=%s WHERE ID=%s"""
            cursor.execute(update_sql,
                           (record.facultyName, record.facultyCode, row_id))
            connection.commit()

    # Any other form-name value changes nothing and still redirects.
    return redirect(url_for('site.AddFaculty'))
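def query(post_id):
    """Show one post to its author or to an admin; everyone else is refused.

    Args:
        post_id: Primary key handed to ``Post.query.get``.

    Returns:
        The rendered ``queryid.html`` page when access is granted, otherwise
        ``forbidden.html``. A missing post yields the same ``forbidden.html``
        response as a denied one, so the two cases cannot be told apart from
        the page returned.
    """
    try:
        post = Post.query.get(post_id)
        # An unknown id gives None; treat it as "not allowed" explicitly
        # instead of relying on an AttributeError being swallowed.
        allowed = post is not None and (
            post.get_author() == current_user.username
            or current_user.get_is_admin()
        )
    except Exception:
        # Fail closed if the lookup or the ownership check breaks. This was
        # a bare ``except:``, which also trapped SystemExit and
        # KeyboardInterrupt.
        allowed = False

    if not allowed:
        return render_template("forbidden.html")
    # Rendering happens outside the try block so that a template error shows
    # up as an error rather than being reported as "forbidden".
    return render_template("queryid.html", post=post)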
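def post(queryid):
    """Render a single post for its owner or for an admin.

    Args:
        queryid: Id of the ``Post`` row to display.

    Returns:
        The rendered ``query.html`` page when the session user owns the post
        or the current user is an admin; ``noauth.html`` otherwise, including
        when no post has that id.
    """
    record = Post.query.filter_by(id=queryid).first()
    # .first() returns None for an unknown id; the attribute access below
    # used to raise AttributeError (HTTP 500) in that case. Answering with
    # the same page as a denied request also avoids revealing which ids exist.
    if record is None:
        return render_template('noauth.html')

    # The ownership check runs first, as before; the admin check only runs
    # for posts that belong to someone else.
    if record.user_id == session['user_id'] or current_user.get_is_admin():
        posts = Post.query.filter_by(id=queryid)
        return render_template('query.html', posts=posts)
    return render_template('noauth.html')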
def login_history():
    """Admin panel: list all users and optionally look one up by id.

    Non-admins receive ``forbidden.html``. Admins receive ``admin.html`` with
    the ``LoginHistory`` form and the full user list; after a valid
    submission the looked-up user is passed to the template as ``user``.
    """
    # Deny first so nothing below runs for a non-admin caller.
    if not current_user.get_is_admin():
        return render_template('forbidden.html')

    form = LoginHistory()
    users = User.query.all()
    context = {"title": "Admin Panel", "form": form, "users": users}
    if form.validate_on_submit():
        # Query.get yields None for an unknown id; the value is handed to the
        # template unchanged.
        context["user"] = User.query.get(form.userid.data)
    return render_template('admin.html', **context)
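def login_history():
    """Admin view over ``LoginHistory`` records, with a per-user lookup form.

    Returns:
        ``noauth.html`` for non-admins. For admins, ``admin_view.html`` with
        the requested user's records after a valid ``HistoryForm`` submission
        that matches at least one record, otherwise ``login_history.html``
        with the form and all records.
    """
    # Deny first so no login records are loaded for a non-admin caller.
    if not current_user.get_is_admin():
        return render_template('noauth.html')

    histories = LoginHistory.query.all()
    form = HistoryForm()
    if form.validate_on_submit():
        first_entry = LoginHistory.query.filter_by(
            user_id=form.user_id.data).first()
        # No record for that user id used to raise AttributeError (HTTP 500)
        # on ``.user_id``; fall through to the form page instead.
        if first_entry is not None:
            history = LoginHistory.query.filter_by(user_id=form.user_id.data)
            return render_template('admin_view.html',
                                   histories=histories,
                                   history=history,
                                   user_id=first_entry.user_id)
    return render_template('login_history.html', form=form,
                           histories=histories)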
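def history():
    """Render submission history: any user's for admins, the caller's otherwise.

    Returns:
        For non-admins, ``history.html`` with the current user's own posts.
        For admins, ``history.html`` for the user named in a valid
        ``QueryHistory`` submission, or ``admin_history.html`` with the form
        and user list when nothing was submitted or the username is unknown.
    """
    if not current_user.get_is_admin():
        # Scope is fixed to the authenticated user's own relationship; no
        # request input selects whose posts are shown.
        posts = current_user.post.all()
        title = current_user.username + "'s Submission History"
        return render_template('history.html', title=title, posts=posts,
                               user=current_user)

    users = User.query.all()
    form = QueryHistory()
    if form.validate_on_submit():
        requested_user = User.query.filter_by(
            username=form.username.data).first()
        # .first() returns None for an unknown username; ``.post`` on None
        # used to raise AttributeError (HTTP 500).
        if requested_user is not None:
            requested_user_posts = requested_user.post.all()
            return render_template('history.html',
                                   posts=requested_user_posts,
                                   user=requested_user)
    return render_template('admin_history.html', form=form, users=users)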