예제 #1
파일: app.py 프로젝트: DaveLin4026/AppSec2
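def login_history():
    """Admin-only view of a user's login activity (``UserActivity`` rows).

    GET renders the search form; POST looks up the submitted username and
    renders that user's activity. Non-admins are rejected with 403 before
    the form is even processed, since this page exposes other users' data.

    Returns:
        The rendered ``login_history.html`` template.

    Raises:
        403 via ``abort`` when ``current_user`` is not an admin.
    """
    user_search_form = UserSearchForm()

    # Authorization first: nothing below may run for a non-admin.
    if not current_user.role == Roles.admin:
        abort(403)

    if flask.request.method == "GET":
        return render_template(
            "login_history.html",
            searched_user=current_user,
            user=current_user,
            form=user_search_form,
        )

    if flask.request.method == "POST":
        # Defaults so the render below never sees an unbound name: the
        # original raised UnboundLocalError when validation failed and
        # AttributeError on ``.id`` when the username did not exist.
        searched_user = current_user
        searched_user_history = []

        if user_search_form.validate_on_submit():
            target = User.query.filter_by(
                username=user_search_form.username.data).first()
            if target is not None:
                searched_user = target
                searched_user_history = UserActivity.query.filter_by(
                    user_id=target.id).all()

        return render_template(
            "login_history.html",
            # Hand the template the user that was actually searched for
            # (the original always passed the admin), matching the
            # sibling query_history view in this project.
            searched_user=searched_user,
            user=current_user,
            queries=searched_user_history,
            form=user_search_form,
        )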
예제 #2
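def search_user(request):
    """Search users by case-insensitive username substring, 20 per page.

    The search string is taken from ``UserSearchForm`` bound to
    ``request.REQUEST`` (GET and POST merged); when the form is empty or
    invalid every user is listed. The ``page`` GET parameter selects the
    page; a non-numeric or out-of-range value is clamped rather than
    turned into a server error.

    Args:
        request: The Django ``HttpRequest``.

    Returns:
        The rendered ``profiles/search_user.html`` response.
    """
    # NOTE(review): request.REQUEST and render_to_response(RequestContext)
    # are legacy Django APIs; left untouched because the rest of this file
    # evidently targets that Django version.
    form = UserSearchForm(request.REQUEST)
    search_string = ''
    if form.is_valid():
        search_string = form.cleaned_data["search_string"]

    # The ORM parameterises the substring; it never reaches the SQL text.
    if search_string:
        qs = User.objects.filter(username__icontains=search_string)
    else:
        qs = User.objects.all()

    paginator = Paginator(qs, 20)

    # ``page`` is client-controlled: ``?page=abc`` used to raise ValueError
    # (a 500). Treat anything non-numeric as page 1.
    try:
        page_no = int(request.GET.get('page', '1'))
    except ValueError:
        page_no = 1

    # Out-of-range pages fall back to the last page.
    try:
        current_page = paginator.page(page_no)
    except (EmptyPage, InvalidPage):
        current_page = paginator.page(paginator.num_pages)

    # Re-populate the field so the search term survives the round trip.
    if search_string:
        form.fields["search_string"].initial = search_string

    context = RequestContext(request, {
        'form': form,
        'current_page': current_page,
        'search_string': search_string,
        'num_pages': paginator.num_pages,
    })
    return render_to_response('profiles/search_user.html', context)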
예제 #3
파일: picMe.py 프로젝트: kp1732/picMe
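def discover():
    """Render the user-discovery page: find people and show follow state.

    On a valid ``UserSearchForm`` submission the search term is matched as
    a substring of ``Person.username`` and combined with the session user's
    ``Follow`` rows. When nothing matches, a flash message is shown and the
    empty page is rendered; without a submission the empty page is rendered
    directly.

    Returns:
        The rendered ``discover.html`` template.
    """
    form = UserSearchForm()
    formFollow = UserFollowForm()

    if form.validate_on_submit():
        searchUser = form.searchQuery.data or ''

        # SECURITY: the statements below are assembled with str.format()
        # and queryFetchAll() is only ever handed a query string, so the
        # search term lands directly in the SQL text (SQL injection). The
        # real fix is bind parameters in queryFetchAll(); until that exists,
        # refuse anything outside a conservative username alphabet so quotes,
        # comment markers and '%' wildcards can never reach the SQL.
        if not all(ch.isalnum() or ch in "_.-" for ch in searchUser):
            flash("Search terms may only contain letters, digits, '_', '.' and '-'.", 'info')
            return render_template('discover.html',
                                   title='discover',
                                   form=form,
                                   requests=getRequests(session["username"]),
                                   formFollow=formFollow)

        users_query = 'SELECT username,firstName,lastName,bio,profilePicPath FROM Person WHERE username LIKE "%{}%";'.format(
            searchUser)
        # session["username"] is set server-side at login, but it is still
        # interpolated: a username containing a double quote would break
        # these two statements. Same bind-parameter fix applies.
        requests_query = 'SELECT Person.username,Follow.followstatus FROM Person JOIN Follow ON Person.username = Follow.username_followed WHERE Follow.username_follower = "{}";'.format(
            session["username"])
        users_x_requests = 'SELECT Person.username,Person.firstName,Person.lastName,Person.bio FROM Person WHERE Person.username in (SELECT Person.username from Person join Follow on Person.username = Follow.username_followed WHERE Follow.username_follower = "{}");'.format(
            session["username"])

        users_data = queryFetchAll(users_query)
        requests_data = queryFetchAll(requests_query)
        uxr_data = queryFetchAll(users_x_requests)

        # username -> profile picture path
        users_pics = makeUsersPicsDict(users_data)

        # The return value was never used; the call is kept because the
        # original comment says it strips the picture column "for
        # comparison", which suggests it may edit users_data in place.
        # TODO confirm whether removePicCol mutates its argument.
        removePicCol(users_data)

        # username -> follow status
        users_status = makeUsersStatus(requests_data)

        # The original tested ``users_query`` -- the SQL string, which is
        # always truthy -- so the "No users found" path was unreachable.
        # Test the rows that actually came back.
        if users_data:
            return render_template('discover.html',
                                   title='discover',
                                   form=form,
                                   formFollow=formFollow,
                                   requests=getRequests(session["username"]),
                                   users=users_data,
                                   userPics=users_pics,
                                   usersStatus=users_status,
                                   uxr=uxr_data)

        flash("No users found.", 'info')

    return render_template('discover.html',
                           title='discover',
                           form=form,
                           requests=getRequests(session["username"]),
                           formFollow=formFollow)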
예제 #4
def search_users():
    """Render the user-search form, or the results of a submitted search.

    The form supplies the attribute to search (``first_name``,
    ``last_name`` or ``email``) and the value to match; matching is
    case-insensitive via ``ilike``. Any other attribute value falls back
    to the blank form page, exactly like a failed submission.

    Returns:
        ``users/search-results.html`` with the matches, or
        ``users/user-search-list.html`` with the form.
    """
    form = UserSearchForm()
    if not form.validate_on_submit():
        return render_template("users/user-search-list.html", form=form)

    # Explicit allow-list of searchable columns. Never resolve the column
    # with getattr(User, field) from user input -- that would open every
    # model attribute (password hashes included) to searching.
    searchable = {
        "first_name": User.first_name,
        "last_name": User.last_name,
        "email": User.email,
    }
    column = searchable.get(form.user_attributes.data)
    if column is None:
        return render_template("users/user-search-list.html", form=form)

    matches = User.query.filter(column.ilike(form.search_info.data)).all()
    return render_template("users/search-results.html", users=matches)
예제 #5
파일: main.py 프로젝트: RajatDoshi/dash
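def optimize(id):
    """Show shipping options for item ``id``, optionally for a named buyer.

    GET lists items whose product is similar to this one together with
    shipping options for an anonymous buyer. POST reads a buyer name from
    ``UserSearchForm``; if a ``Buyer`` user with that (lower-cased) name
    exists, baseline rates from the item's address to the buyer's address
    are computed as well, otherwise the caller is redirected back to
    ``/buy/<id>`` with a flash message.

    Args:
        id: Primary key of the ``Item``. Shadows the builtin, but the name
            is part of the route signature so it is kept.

    Returns:
        The rendered ``optimize.html`` template, or a redirect response.
    """
    search = UserSearchForm(request.form)
    item = join_item_seller(db_session).filter(Item.id == id).first()
    # NOTE(review): ``item`` is None for an unknown id and the attribute
    # accesses below then raise; the route should answer 404 instead.

    if request.method == 'POST':
        # A missing/blank field used to fail on ``None.lower()``; treat it
        # as an empty name, which simply matches no buyer.
        buyer_name = (search.data.get('search') or '').lower()
        buyer = db_session.query(User).\
            filter(User.name == buyer_name).\
            filter(User.user_type == 'Buyer').first()

        if not buyer:
            flash('Invalid buyer! Please register before placing any orders!')
            return redirect(f'/buy/{id}')

        baseline_rates = get_shipment(
            from_address=f'{item.street}, {item.city}, '
                         f'{item.state}, {item.zip}, {item.country}',
            to_address=f'{buyer.street}, {buyer.city}, '
                       f'{buyer.state}, {buyer.zip}, {buyer.country}')

        similar_items = join_item_seller(db_session).filter(
            Item.product.contains(item.product)).all()
        results = get_shipping_options(buyer=buyer, items=similar_items)
    else:
        baseline_rates = []
        # Materialise with .all() like the POST branch so both paths hand
        # the same kind of object to get_shipping_options().
        similar_items = join_item_seller(db_session).filter(
            Item.product.contains(item.product)).all()
        results = get_shipping_options(buyer=None, items=similar_items)

    return render_template('optimize.html',
                           results=results,
                           form=search,
                           baseline_rates=baseline_rates)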
예제 #6
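def search_user(request):
    """Let users search for other users by username substring.

    POST binds ``UserSearchForm`` to the posted data. GET accepts a
    ``search_string`` query parameter so that result pages are linkable;
    it is now run through the same form instead of being used raw, so
    whatever validation ``UserSearchForm`` enforces applies to both paths.
    An empty search yields no rows. Results are paginated 20 per page via
    the ``page`` GET parameter.

    Args:
        request: The Django ``HttpRequest``.

    Returns:
        The rendered ``profiles/search_user.html`` response.
    """
    # TODO : fix unicode in request parameters.
    # (Conrado says it is not allowed, google does it anyway ...)
    # TODO FIXME XSS: search_string is echoed back into the page; it must
    # stay under template autoescaping and never be marked safe.
    if request.method == 'POST':
        form = UserSearchForm(request.POST)
    elif request.GET.get(u'search_string'):
        # Bind the GET input too so it is cleaned like a POST. (Assumes
        # the form has no other required fields -- confirm against it.)
        form = UserSearchForm(request.GET)
    else:
        form = UserSearchForm()

    # An unbound or invalid form searches for nothing.
    search_string = u''
    if form.is_valid():
        search_string = form.cleaned_data["search_string"]

    if not search_string == u'':
        qs = User.objects.filter(username__icontains=search_string)
    else:
        qs = User.objects.none()

    paginator = Paginator(qs, 20)

    # Grab page number from the HTTP GET parameters if present; a
    # non-numeric value falls back to the first page instead of a 500.
    try:
        page_no = int(request.GET.get('page', '1'))
    except ValueError:
        page_no = 1

    # Clamp out-of-range pages to the last page.
    try:
        current_page = paginator.page(page_no)
    except (EmptyPage, InvalidPage):
        current_page = paginator.page(paginator.num_pages)

    if search_string:
        form.fields[
            "search_string"].initial = search_string  # TODO see whether this can be done more cleanly

    context = RequestContext(
        request, {
            'form': form,
            'current_page': current_page,
            'search_string': search_string,
            'num_pages': paginator.num_pages,
        })
    return render_to_response('profiles/search_user.html', context)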
예제 #7
파일: app.py 프로젝트: DaveLin4026/AppSec2
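def query_history(qid=None):
    """Spell-check history page.

    GET renders the current user's own ``SpellCheck`` rows and, when
    ``qid`` is given, that single record -- after ``can_be_accessed_by``
    confirms the caller may see it, so ids cannot be guessed to read other
    users' queries. POST is admin-only: it shows the history of the
    username submitted in ``UserSearchForm``, falling back to the admin's
    own rows when the form is invalid or the user does not exist.

    Args:
        qid: Optional ``SpellCheck`` id to show in detail.

    Returns:
        The rendered ``spell_checker_history.html`` template.

    Raises:
        404 via ``abort`` when ``qid`` matches no record; 403 via ``abort``
        when the record is not accessible to the caller or a non-admin
        POSTs.
    """
    user_search_form = UserSearchForm()

    if flask.request.method == "GET":
        spell_checker_queries = SpellCheck.query.filter_by(
            user_id=current_user.id).all()
        count = len(spell_checker_queries)

        query = None
        if qid is not None:
            query = SpellCheck.query.filter_by(id=qid).first()
            # An unknown id used to raise AttributeError (a 500) on the
            # access check below. (If id enumeration matters, answer 404
            # for the inaccessible case as well.)
            if query is None:
                abort(404)
            # Object-level authorisation: knowing an id is not ownership.
            if not query.can_be_accessed_by(current_user):
                abort(403)

        return render_template(
            "spell_checker_history.html",
            queries=spell_checker_queries,
            count=count,
            qid=qid,
            searched_user=current_user,
            user=current_user,
            query=query,
            form=user_search_form,
        )

    if flask.request.method == "POST":
        # Only admins may look at other users' history.
        if not current_user.role == Roles.admin:
            abort(403)

        # Default to the admin's own history. Previously an invalid form
        # fell off the end (returned None -> 500) and an unknown username
        # raised AttributeError on ``searched_user.id``.
        searched_user = current_user
        if user_search_form.validate_on_submit():
            target = User.query.filter_by(
                username=user_search_form.username.data).first()
            if target is not None:
                searched_user = target

        searched_user_history = SpellCheck.query.filter_by(
            user_id=searched_user.id)

        return render_template(
            "spell_checker_history.html",
            queries=searched_user_history,
            # COUNT(*) instead of loading every row just to len() it.
            count=searched_user_history.count(),
            searched_user=searched_user,
            qid=qid,
            user=current_user,
            query=searched_user_history,
            form=user_search_form,
        )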
예제 #8
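def search_user(request):
    """Let users search for other users by username substring.

    POST binds ``UserSearchForm`` to the posted data. GET accepts a
    ``search_string`` query parameter so that result pages are linkable;
    it is now run through the same form instead of being used raw, so
    whatever validation ``UserSearchForm`` enforces applies to both paths.
    An empty search yields no rows. Results are paginated 20 per page via
    the ``page`` GET parameter.

    Args:
        request: The Django ``HttpRequest``.

    Returns:
        The rendered ``profiles/search_user.html`` response.
    """
    # TODO : fix unicode in request parameters.
    # (Conrado says it is not allowed, google does it anyway ...)
    # TODO FIXME XSS: search_string is echoed back into the page; it must
    # stay under template autoescaping and never be marked safe.
    if request.method == 'POST':
        form = UserSearchForm(request.POST)
    elif request.GET.get(u'search_string'):
        # Bind the GET input too so it is cleaned like a POST. (Assumes
        # the form has no other required fields -- confirm against it.)
        form = UserSearchForm(request.GET)
    else:
        form = UserSearchForm()

    # An unbound or invalid form searches for nothing.
    search_string = u''
    if form.is_valid():
        search_string = form.cleaned_data["search_string"]

    if not search_string == u'':
        qs = User.objects.filter(username__icontains=search_string)
    else:
        qs = User.objects.none()

    paginator = Paginator(qs, 20)

    # Grab page number from the HTTP GET parameters if present; a
    # non-numeric value falls back to the first page instead of a 500.
    try:
        page_no = int(request.GET.get('page', '1'))
    except ValueError:
        page_no = 1

    # Clamp out-of-range pages to the last page.
    try:
        current_page = paginator.page(page_no)
    except (EmptyPage, InvalidPage):
        current_page = paginator.page(paginator.num_pages)

    if search_string:
        form.fields["search_string"].initial = search_string  # TODO see whether this can be done more cleanly

    context = RequestContext(request, {
        'form': form,
        'current_page': current_page,
        'search_string': search_string,
        'num_pages': paginator.num_pages,
    })
    return render_to_response('profiles/search_user.html', context)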
예제 #9
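def connect(request):
    """Connect page: record a contact email, or search registered users.

    POST with a non-empty ``email`` appends the address to the local
    ``emails`` file and reports completion; POST with a non-empty
    ``lastName`` lists ``auth_user`` rows whose last name contains it.
    GET (or a POST with neither) just renders both forms.

    Args:
        request: The Django ``HttpRequest``.

    Returns:
        The rendered ``connect.html`` response.
    """
    if request.method != 'POST':
        return render(request, 'connect.html', {
            'email_form': EmailForm(),
            'search_form': UserSearchForm(),
        })

    email_form = EmailForm(request.POST)
    search_form = UserSearchForm(request.POST)
    # is_valid() populates cleaned_data; an invalid form may lack the key,
    # which used to raise KeyError, so read with .get().
    email_form.is_valid()
    search_form.is_valid()
    address = email_form.cleaned_data.get('email')
    searched_user = search_form.cleaned_data.get('lastName')

    if address:
        # SECURITY: the original ran
        # getoutput('echo "{}" >> emails && echo "Complete!"'.format(address))
        # -- shell command injection through the email field. Append from
        # Python instead; the 'emails' path and the "Complete!" line that
        # the template receives are unchanged.
        with open('emails', 'a') as emails_file:
            emails_file.write(address + '\n')
        data = ['Complete!']
        return render(request, 'connect.html', {
            'email_form': email_form,
            'email': True,
            'data': data,
            'search_form': search_form,
        })

    if searched_user:
        # SECURITY: parameterised. The previous str.format() into the SQL
        # text was SQL injection; %s is Django's raw() placeholder on every
        # backend and the LIKE wildcards travel inside the bound value.
        regUsers = User.objects.raw(
            'SELECT * FROM auth_user WHERE last_name LIKE %s',
            ['%{}%'.format(searched_user)])
        return render(request, 'connect.html', {
            'email_form': email_form,
            'regUsers': regUsers,
            'search_form': search_form,
        })

    return render(request, 'connect.html', {
        'email_form': email_form,
        'search_form': search_form,
    })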
예제 #10
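def search():
    """User search page; requires a signed-in user (``g.username``).

    POST delegates to ``searchResults``; GET renders ``searchResults.html``
    with the form and the user's profile image URL. Anonymous visitors get
    the index page with an error message.

    The original had an unreachable tail after the sign-in branches that
    rendered ``search.html``; it has been dropped. If that was the intended
    GET page, change the template name below.

    Returns:
        A rendered template (or the result of ``searchResults``).
    """
    if not g.username:
        return render_template(
            'index.html',
            error='Please sign in before accessing this page!')

    username = g.username
    form = UserSearchForm(request.form)
    if request.method == 'POST':
        return searchResults(form)

    # Profile images live under static/profile/<username>.jpg.
    img_url = url_for('static', filename='profile/' + username + '.jpg')
    return render_template('searchResults.html',
                           img_url=img_url,
                           search=form,
                           username=g.username)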
예제 #11
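def connect(request):
    """Connect page: record a contact email, or search registered users.

    POST with a non-empty ``email`` appends the address to the local
    ``emails`` file and reports completion; POST with a non-empty
    ``lastName`` lists ``auth_user`` rows whose last name contains it.
    GET (or a POST with neither) just renders both forms.

    Args:
        request: The Django ``HttpRequest``.

    Returns:
        The rendered ``connect.html`` response.
    """
    if request.method != 'POST':
        return render(request, 'connect.html', {
            'email_form': EmailForm(),
            'search_form': UserSearchForm(),
        })

    email_form = EmailForm(request.POST)
    search_form = UserSearchForm(request.POST)
    # is_valid() populates cleaned_data; an invalid form may lack the key,
    # which used to raise KeyError, so read with .get().
    email_form.is_valid()
    search_form.is_valid()
    address = email_form.cleaned_data.get('email')
    searched_user = search_form.cleaned_data.get('lastName')

    if address:
        # SECURITY: the original ran
        # getoutput('echo "{}" >> emails && echo "Complete!"'.format(address))
        # -- shell command injection through the email field. Append from
        # Python instead; the 'emails' path and the "Complete!" line that
        # the template receives are unchanged.
        with open('emails', 'a') as emails_file:
            emails_file.write(address + '\n')
        data = ['Complete!']
        return render(request, 'connect.html', {
            'email_form': email_form,
            'email': True,
            'data': data,
            'search_form': search_form,
        })

    if searched_user:
        # SECURITY: parameterised. The previous str.format() into the SQL
        # text was SQL injection; %s is Django's raw() placeholder on every
        # backend and the LIKE wildcards travel inside the bound value.
        regUsers = User.objects.raw(
            'SELECT * FROM auth_user WHERE last_name LIKE %s',
            ['%{}%'.format(searched_user)])
        return render(request, 'connect.html', {
            'email_form': email_form,
            'regUsers': regUsers,
            'search_form': search_form,
        })

    return render(request, 'connect.html', {
        'email_form': email_form,
        'search_form': search_form,
    })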
예제 #12
def home():
    """Landing page.

    GET renders ``home.html`` with a fresh ``UserSearchForm``; POST only
    acknowledges the submission with a plain-text reply. Any other method
    falls through and returns ``None``, as before.
    """
    form = UserSearchForm()
    method = request.method
    if method == 'GET':
        return render_template('home.html', form=form)
    if method == 'POST':
        return 'Form posted.'