예제 #1
def register():
    """Register a new manager account and log the new manager in.

    GET renders the registration form. POST validates the submitted form,
    stores the manager with a hashed password, writes the new user's id into
    the session and redirects to the managers' homepage.
    """
    # Anything that is not a form submission simply shows the form.
    if request.method != "POST":
        return render_template("register.html")

    form = request.form
    full_name = form.get("full_name")
    email = form.get("email")
    password = form.get("password")
    confirmation = form.get("confirmation")

    # Reject the submission at the first missing field.
    if not full_name:
        return manager_apology("Missing name")
    if not email:
        return manager_apology("Missing email address")
    if not password:
        return manager_apology("Missing password")

    # The confirmation must be present and identical to the password.
    if not confirmation or password != confirmation:
        return manager_apology("Passwords don't match")

    # Only the hash is stored; the clear-text password never reaches the table.
    hashed_password = generate_password_hash(password)

    # Form values are passed as bound parameters, never spliced into the SQL text.
    result = db.execute(
        "INSERT INTO users (manager_name, email_address, hash, manager_or_employee) \
                            VALUES (:manager_name, :email_address, :hashed_password, 'manager')",
        manager_name=full_name,
        email_address=email,
        hashed_password=hashed_password)

    # Presumably db.execute returns a falsy value when the INSERT is rejected
    # (e.g. a uniqueness constraint on email_address) - confirm against the
    # database wrapper and the schema.
    # NOTE(review): this message tells the caller that the address is already
    # registered; decide whether that disclosure is acceptable here.
    if not result:
        return manager_apology("Email is not available")

    # Look the new row up again to learn its id and log the manager in.
    # NOTE(review): the session is not cleared before user_id is written, so
    # any data already in the session survives registration.
    new_user_rows = db.execute(
        "SELECT id FROM users WHERE email_address = :email_address",
        email_address=email)
    session["user_id"] = new_user_rows[0]["id"]

    return redirect("/")
예제 #2
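def login():
    """Log a user in by email address and password.

    GET renders the login form. POST checks the submitted credentials against
    the "users" table and, on success, stores the user's id in the session and
    redirects to the homepage that matches the account type.

    Every failure is answered with an apology page and status 403.
    """
    # Drop whatever session state existed before this login attempt.
    session.clear()

    if request.method != "POST":
        return render_template("login.html")

    email = request.form.get("email")
    password = request.form.get("password")

    if not email:
        return manager_apology("must provide email address", 403)
    if not password:
        return manager_apology("must provide password", 403)

    # The email address is passed as a bound parameter, not built into the SQL.
    rows = db.execute(
        "SELECT * FROM users WHERE email_address = :email_address",
        email_address=email)

    # Unknown address and wrong password get the same answer, so the response
    # does not reveal which of the two was wrong.
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return manager_apology("invalid email address and/or password", 403)

    # Resolve the landing page before the session is written. The previous
    # code set session["user_id"] first and returned None for any account whose
    # type was neither "manager" nor "employee", leaving a logged-in session
    # behind a failed response.
    landing_pages = {"manager": "/", "employee": "/employee_index"}
    destination = landing_pages.get(rows[0]["manager_or_employee"])
    if destination is None:
        return manager_apology("invalid email address and/or password", 403)

    # Remember which user has logged in.
    session["user_id"] = rows[0]["id"]
    return redirect(destination)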
예제 #3
def errorhandler(e):
    """Render an apology page for an error raised while handling a request.

    An exception that is not an HTTPException is replaced by a generic
    InternalServerError, so only that error's name and code are passed to the
    apology page and nothing from the original exception is shown.
    """
    error = e if isinstance(e, HTTPException) else InternalServerError()
    return manager_apology(error.name, error.code)
예제 #4
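def employee_provide_feedback():
    """Show the feedback form to an employee and store the submitted answers.

    GET renders the form for the manager assigned to the logged-in employee,
    or an "already submitted" page when a row for this employee exists in
    "surveyanswers". POST stores the 40 answers (Q1..Q40) once all of them are
    present.

    Changes against the previous version:
      * answers are validated BEFORE the INSERT, so an incomplete form is no
        longer written to the table (which also made the GET branch report
        "already submitted" afterwards);
      * the completeness check looked at "Q49" instead of "Q40";
      * a POST from an employee who has already submitted is refused, matching
        what the GET branch enforces.
    """
    user_id = session['user_id']

    # A row with this feedbacker_id means the employee has already answered.
    already_submitted = db.execute(
        "SELECT feedbacker_id FROM surveyanswers WHERE feedbacker_id=:feedbacker_id",
        feedbacker_id=user_id)

    # User reached route via POST
    if request.method == "POST":

        # The form is only offered once; enforce the same rule on submission
        # so a repeated or replayed POST cannot add a second row.
        if already_submitted:
            return render_template("employee_feedback_already_submitted.html")

        question_names = ["Q{}".format(number) for number in range(1, 41)]
        answers = {name: request.form.get(name) for name in question_names}

        # Ensure all questions have been answered before anything is stored.
        # NOTE(review): values are stored as submitted; no range or type check
        # is done here - confirm the schema constrains them.
        if not all(answers.values()):
            return manager_apology("Please answer all questions!")

        # The manager to be assessed comes from the employee's own user row,
        # not from the form, so the client cannot choose the feedbackee.
        # NOTE(review): no account-type check is visible in this block;
        # confirm the route is restricted to employees.
        feedbackee_rows = db.execute(
            "SELECT id_of_manager_to_be_assessed FROM users WHERE id=:id_",
            id_=user_id)
        feedbackee_id_ = feedbackee_rows[0]["id_of_manager_to_be_assessed"]

        # Column and placeholder lists are generated from the fixed names
        # Q1..Q40 only; every value is still passed as a bound parameter.
        columns = ", ".join(question_names)
        placeholders = ", ".join(":" + name for name in question_names)
        db.execute(
            "INSERT INTO surveyanswers(feedbacker_id, feedbackee_id, {}) "
            "VALUES (:feedbacker_id, :feedbackee_id, {})".format(
                columns, placeholders),
            feedbacker_id=user_id,
            feedbackee_id=feedbackee_id_,
            **answers)

        # Render employee provide feedback success form
        return render_template("employee_provide_feedback_success.html")

    # User reached route via GET
    if already_submitted:
        return render_template("employee_feedback_already_submitted.html")

    # Look up the name of the manager to be assessed for the form heading.
    assigned_rows = db.execute(
        "SELECT id_of_manager_to_be_assessed FROM users WHERE id=:id_",
        id_=user_id)
    id_of_manager_to_be_assessed_ = assigned_rows[0][
        "id_of_manager_to_be_assessed"]
    manager_rows = db.execute(
        "SELECT manager_name FROM users WHERE id=:id_of_manager_to_be_assessed_",
        id_of_manager_to_be_assessed_=id_of_manager_to_be_assessed_)
    manager_name_ = manager_rows[0]["manager_name"]

    # Render employee provide feedback form
    return render_template("employee_provide_feedback.html",
                           manager_name_=manager_name_)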
예제 #5
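def manager_self_assessment():
    """Show the self-assessment form to a manager and store the answers.

    GET renders the form, or an "already submitted" page when a row with this
    manager as feedbacker exists in "surveyanswers". POST stores the 40
    answers (Q1..Q40) with the manager as both feedbacker and feedbackee.

    Changes against the previous version:
      * answers are validated BEFORE the INSERT, so an incomplete form is no
        longer written to the table;
      * the completeness check looked at "Q49" instead of "Q40";
      * a POST from a manager who has already submitted is refused, matching
        what the GET branch enforces.
    """
    user_id = session['user_id']

    # A row with this feedbacker_id means the self-assessment already exists.
    already_submitted = db.execute(
        "SELECT feedbacker_id FROM surveyanswers WHERE feedbacker_id=:feedbacker_id",
        feedbacker_id=user_id)

    # User reached route via POST
    if request.method == "POST":

        # Enforce the one-submission rule on the write path as well, so a
        # repeated or replayed POST cannot add a second row.
        if already_submitted:
            return render_template(
                "manager_self_assessment_already_submitted.html")

        question_names = ["Q{}".format(number) for number in range(1, 41)]
        answers = {name: request.form.get(name) for name in question_names}

        # Ensure all questions have been answered before anything is stored.
        # NOTE(review): values are stored as submitted; no range or type check
        # is done here - confirm the schema constrains them.
        if not all(answers.values()):
            return manager_apology("Please answer all questions!")

        # Column and placeholder lists are generated from the fixed names
        # Q1..Q40 only; every value is still passed as a bound parameter.
        # NOTE(review): no account-type check is visible in this block;
        # confirm the route is restricted to managers.
        columns = ", ".join(question_names)
        placeholders = ", ".join(":" + name for name in question_names)
        db.execute(
            "INSERT INTO surveyanswers(feedbacker_id, feedbackee_id, {}) "
            "VALUES (:feedbacker_id, :feedbackee_id, {})".format(
                columns, placeholders),
            feedbacker_id=user_id,
            feedbackee_id=user_id,
            **answers)

        # Render manager self-assessment success form
        return render_template("manager_self_assessment_success.html")

    # User reached route via GET
    if already_submitted:
        return render_template(
            "manager_self_assessment_already_submitted.html")

    return render_template("manager_self_assessment.html")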
예제 #6
def manager_request_feedback():
    """Let the logged-in manager invite an employee to give feedback.

    GET lists the email addresses whose user rows point at this manager.
    POST creates an "employee" user row for the submitted email address with
    a generated password, then emails the login credentials to that address
    through Gmail's SMTP server and redirects back to this page.
    """

    # User reached route via POST
    if request.method == "POST":

        # Generate a 12-character password from uppercase letters and digits
        # for the requested employee's login.
        # NOTE(review): the import of `choice` is not visible here. If it is
        # `random.choice`, the generator is not suitable for credentials;
        # `secrets.choice` is the standard-library replacement.
        password_length = 12
        random_password_for_requested_employee = ''.join(
            choice(ascii_uppercase + digits) for i in range(password_length))

        # Only the hash of the generated password is stored.
        hashed_password = generate_password_hash(
            random_password_for_requested_employee)

        # Insert the requested employee (email address, hashed password, type
        # of user, id of his/her manager) into the table "users". The form
        # value is passed as a bound parameter.
        # NOTE(review): the email address is used without any presence or
        # format check; request.form.get("email") is None when the field is
        # missing.
        result = db.execute(
            "INSERT INTO users (email_address, hash, manager_or_employee, id_of_manager_to_be_assessed) \
                            VALUES (:email_address, :hashed_password, 'employee', :id_of_manager_to_be_assessed)",
            email_address=request.form.get("email"),
            hashed_password=hashed_password,
            id_of_manager_to_be_assessed=session['user_id'])

        # Ensure employee has not already been requested by the logged-in manager (or another manager)
        # Presumably db.execute returns a falsy value when the INSERT is
        # rejected - confirm against the database wrapper and the schema.
        if not result:
            return manager_apology(
                "A request has already been sent to this email address")

        # Build the plain-text part of the email (greeting, manager name and
        # login credentials) from the pieces below.
        # NOTE(review): the line assigning `e` looks mangled by the
        # credential masking applied to this listing; `f` and `g`, used in
        # the list that follows, are not assigned anywhere in the visible
        # text.
        # NOTE(review): the message carries the login password in clear text
        # over email; a single-use, expiring invitation link would avoid
        # mailing a reusable credential.
        a = "Dear Sir or Madam, \n\n this is a request to provide feedback for Mr/Mrs "
        b = db.execute("SELECT manager_name FROM users WHERE id=:id_",
                       id_=session['user_id'])
        b_ = b[0]["manager_name"]
        c = ". Please click on the link below to start the process. \n\n Your login credentials are: \n Email address: "
        d = request.form.get("email")
        e = "\n Password: "******"\n\n"

        part1__ = [a, b_, c, d, e, f, g]
        part1_ = "".join(part1__)
        part1 = MIMEText(part1_, 'plain')
        # NOTE(review): the link sent next to the credentials uses http://;
        # confirm the login page is served over HTTPS.
        part2 = MIMEText(
            u'<a href="http://ide50-morrisgunther.cs50.io:8080/">XXXwww.anmoleadership.com</a>',
            'html')
        part3_ = "\n\n Sincerely, \n Your ANMO Team"
        part3 = MIMEText(part3_, 'plain')

        # Assemble the message: sender, recipient, subject and the three parts.
        # NOTE(review): `to` is the raw form value and goes into the "To"
        # header and the SMTP envelope; check that it is one well-formed
        # address without line breaks before using it.
        # NOTE(review): the Gmail account name and password are string
        # literals in the source (masked in this listing); load them from the
        # environment or a secret store instead of committing them.
        sent_from = '*****@*****.**'
        to = request.form.get("email")
        msg = MIMEMultipart('multipart')
        msg.attach(part1)
        msg.attach(part2)
        msg.attach(part3)
        msg['Subject'] = 'Feedback request for your manager'
        msg['From'] = sent_from
        msg['To'] = to
        gmail_user = '******'
        gmail_password = '******'

        # Connect to Gmail's SMTP server, upgrade to TLS, log in and send the
        # email to the requested employee.
        # NOTE(review): the connection is never closed (no quit() or `with`
        # block), and a failure here leaves the user row inserted above in
        # place with a password nobody received.
        server = smtplib.SMTP("smtp.gmail.com", 587)
        server.starttls()
        server.login(gmail_user, gmail_password)
        server.sendmail(sent_from, to, msg.as_string())

        # Redirect user (manager) to request feedback form
        return redirect("/manager_request_feedback")

    # User reached route via GET
    else:

        # Query database for the email addresses requested by the logged-in manager
        email_addresses = db.execute(
            "SELECT email_address FROM users WHERE id_of_manager_to_be_assessed=:id_of_manager_to_be_assessed",
            id_of_manager_to_be_assessed=session['user_id'])

        # Render request feedback form
        return render_template("manager_request_feedback.html",
                               email_addresses=email_addresses)