def deleteNoteID(NoteID):
    """Delete a note for its owner and report the outcome as a JSON string.

    The reply always carries ``NoteID``, ``valid``, ``deleted`` and ``status``.
    ``db.deleteNote`` is called only when the session user's ``UserID`` equals
    the note's ``UserID``; every other path leaves ``deleted`` as ``"false"``.
    """
    # NOTE(review): indentation was lost in this listing; the trailing ``else``
    # is read here as pairing with the ownership test, not with the result of
    # db.deleteNote() - confirm against the original file.
    current_user = checkCookiesSessionUser()
    response.content_type = 'application/json'
    reply = {
        "NoteID": NoteID,
        "valid": "false",
        "deleted": "false",
        "status": "You're not allowed to do this action",
    }

    if current_user is None:
        # No valid session: answer with the default refusal.
        return json.dumps(reply)

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        reply["deleted"] = "false"
        reply["status"] = "This note doesn't exist on our system or has changed location"
        return json.dumps(reply)

    # Authorization: only the note's owner may delete it.
    if note['UserID'] != current_user['UserID']:
        reply['deleted'] = "false"
        reply['status'] = "You're not allowed to delete this note."
    elif db.deleteNote(NoteID):
        reply['valid'] = 'true'
        reply['deleted'] = "true"
        reply['status'] = "We have deleted your note!"
    # A falsy db.deleteNote() result falls through with the default refusal.
    return json.dumps(reply)
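def updateNotebyID(NoteID):
    """Apply the submitted edit form to an existing note owned by the session user.

    Reads ``titleNote``, ``contentNote``, ``colorNote``, ``privateNote`` and
    ``publishedNote`` from the request form, stamps ``EditedAt`` with the
    current time and stores the note through ``db.updateNote``.

    Returns the home redirect when there is no session or the note does not
    exist, the private-zone redirect when the session user does not own the
    note, the ``error`` template when the form or the update fails, and
    otherwise the ``singleNote`` template with a 303 status and a Location
    header pointing at the note.
    """
    sessionUser = checkCookiesSessionUser()
    if sessionUser is None:
        return redirectHome()

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        # Unknown id: nothing to update (the original subscripted None here).
        return redirectHome()
    if note['UserID'] != sessionUser['UserID']:
        # Authorization: NoteID is supplied by the caller, so being logged in is
        # not enough - without this ownership test any authenticated user could
        # overwrite another user's note by passing its id.
        return redirectPrivateZone()

    try:
        published = int(request.forms.get('publishedNote'))
    except (TypeError, ValueError):
        # Missing or non-numeric field: fail like any other update problem
        # instead of raising out of the handler.
        return template('error', user=sessionUser)

    # NOTE(review): title and content are stored as submitted, while
    # createnewNote passes them through cleanTitle/cleanContent - confirm
    # whether the same cleaning is required on edit.
    note['Title'] = request.forms.get('titleNote')
    note['Content'] = request.forms.get('contentNote')
    note['EditedAt'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    note['Color'] = request.forms.get('colorNote')
    # NOTE(review): stored as the raw form string here; createnewNote converts
    # privateNote with int() and getNodeByID_api compares Private to 0/1.
    note['Private'] = request.forms.get('privateNote')
    note['Published'] = published

    if not db.updateNote(note):
        return template('error', user=sessionUser)

    response.status = 303
    user = db.getUserbyID(note['UserID'])
    response.set_header('Location', '/' + user['Username'] + '/' + note['Permalink'])
    return template('singleNote', note=note, user=user)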
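def userProfile():
    """Render the profile page of the session user together with their notes.

    Returns the home redirect when there is no session and the login redirect
    when the session's ``UserID`` no longer resolves to a user.
    """
    sessionUser = checkCookiesSessionUser()
    if sessionUser is None:
        return redirectHome()

    user = db.getUserbyID(sessionUser['UserID'])
    if user is None:
        # Checked before use: the original subscripted ``user`` first, so the
        # login redirect could never be reached for a missing user.
        return redirectLogin()

    notes = db.getNotesByUserID(user['UserID'])
    return template("profile", user=user, notes=notes)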
def profile(username):
    """Render the notes list of ``username``, but only for that same user.

    Returns the home redirect without a session, and the private-zone redirect
    when ``username`` is unknown or belongs to somebody else.
    """
    viewer = checkCookiesSessionUser()
    if viewer is None:
        return redirectHome()

    owner = db.getUserbyUsername(username)
    # Authorization: the requested profile must be the session user's own.
    if owner is None or owner['UserID'] != viewer['UserID']:
        return redirectPrivateZone()

    owned_notes = db.getNotesByUserID(owner['UserID'])
    return template('notes', searchTemplate=False, notes=owned_notes, user=owner)
def searchOnNotes():
    """Search the session user's notes for the submitted ``query`` form field.

    Renders the login template without a session and returns the home redirect
    when the session's ``UserID`` does not resolve to a user.
    """
    current = checkCookiesSessionUser()
    if current is None:
        return template('login', user=None)

    account = db.getUserbyID(current['UserID'])
    if account is None:
        return redirectHome()

    term = request.forms.get('query')
    # The search is scoped by the session's UserID, not by anything in the form.
    # NOTE(review): ``term`` is passed on unchanged; confirm that
    # db.searchNotesFromUser binds it as a query parameter and that the
    # 'notes' template escapes ``Keyword`` when echoing it back.
    matches = db.searchNotesFromUser(term, current['UserID'])
    return template('notes', Keyword=term, searchTemplate=True, notes=matches, user=account)
def displayNoteToBeupdated(Username, Permalink):
    """Show the edit form for the note at ``Username``/``Permalink``.

    Renders the login template without a session, returns the home redirect
    when the note is not found, and the private-zone redirect when the session
    user is not the note's owner.
    """
    current = checkCookiesSessionUser()
    if current is None:
        return template('login', user=current)

    note = db.getNoteby_Username_Permalink(Username, Permalink)
    if note is None:
        return redirectHome()

    # Authorization: only the owner gets the edit form.
    if current['UserID'] != note['UserID']:
        return redirectPrivateZone()

    palette = db.getColorsAvailable()
    return template('createNote', note=note, colors=palette, user=current, editNote=True)
def registerUserDatabase():
    """Create a user account from the sign-up form.

    A caller who already has a session is sent to the home redirect. Otherwise
    the form fields are collected into a user dictionary, handed to
    ``db.createUser``, and the ``signup-success`` or ``signup-fail`` template is
    rendered depending on its result.
    """
    sessionUser = checkCookiesSessionUser()
    if sessionUser is not None:
        return redirectHome()

    # NOTE(review): what encryptPassword does is not visible here; confirm it
    # is a salted, deliberately slow password hash and not reversible encryption.
    hashed = encryptPassword(request.forms.get('passwordsignup'))

    form = request.forms
    # NOTE(review): no field is validated in this function (presence, format,
    # uniqueness); confirm db.createUser enforces that.
    candidate = {
        "UserID": None,
        "Email": form.get('emailsignup'),
        "Password": hashed,
        "Name": form.get('namesignup'),
        "Surname": form.get('surnamesignup'),
        "Username": form.get('usernamesignup'),
        "Birthday": form.get('birthdaysignup'),
        "City": form.get('citysignup'),
        # Fixed server-side: the form cannot choose the Premium value.
        "Premium": 0,
    }

    if db.createUser(candidate):
        # sessionUser is None on this path; it is passed through as in the
        # success template call of the original.
        return template('signup-success', user=sessionUser)
    return template('signup-fail', user=None)
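def getNodeByID_api(NoteID):
    """Return the note ``NoteID`` as JSON when the caller may read it.

    A note is readable when its ``Private`` field equals 0, or when it equals 1
    and the session user owns the note. Every other case returns an error
    object with ``NoteID``, ``valid`` ("false") and a ``status`` message.
    """
    sessionUser = checkCookiesSessionUser()
    errorNote = {"NoteID": NoteID, "valid": "false", "status": "notExist"}
    note = db.getNotebyNoteID(NoteID)
    response.content_type = 'application/json'

    if note is None:
        errorNote['status'] = "The note you're trying to read doesn't exist or was removed."
        return json.dumps(errorNote)

    is_public = note['Private'] == 0
    # Guard the session before subscripting it: an anonymous request for a
    # private note used to raise on ``None['UserID']`` instead of being refused.
    is_owner_of_private = (
        note['Private'] == 1
        and sessionUser is not None
        and sessionUser['UserID'] == note['UserID']
    )
    if is_public or is_owner_of_private:
        note['valid'] = "true"
        note['status'] = "OK"
        return json.dumps(note)

    # Anything else is refused, including a Private value that is neither 0
    # nor 1 (fail closed).
    # NOTE(review): updateNotebyID stores Private as the raw form string, which
    # would land here even for the owner - confirm the stored type.
    # NOTE(review): the two error messages let a caller tell a private note
    # from a missing one; confirm that is intended.
    errorNote['status'] = "You don't permissions to see this content. Sorry."
    return json.dumps(errorNote)
    # The statements that followed the final return in the original could never
    # run and have been dropped.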
def getColorsAvailable():
    """Return the result of ``db.getColorsAvailable()`` serialized as JSON."""
    # No session check is made here; the endpoint answers any caller.
    response.content_type = 'application/json'
    return json.dumps(db.getColorsAvailable())
def createNoteForm():
    """Render the empty note form for a logged-in user.

    Returns the login redirect when there is no session.
    """
    current = checkCookiesSessionUser()
    if current is None:
        return redirectLogin()

    # The 'createNote' template is shared with the edit view, so it is given an
    # empty note and editNote=False here.
    return template(
        'createNote',
        note={},
        colors=db.getColorsAvailable(),
        editNote=False,
        user=current,
    )
def editSessionUser():
    """Update the session user's name, surname, birthday and city from the form.

    Returns the login redirect without a session, the ``profile`` template on
    success and the ``profile-update-fail`` template when ``db.updateUser``
    reports failure.
    """
    sessionUser = checkCookiesSessionUser()
    if sessionUser is None:
        return redirectLogin()

    # The record to edit is looked up from the session's UserID, never from
    # the form, so a caller can only edit their own account.
    account = db.getUserbyID(sessionUser['UserID'])

    # Only these four fields are copied from the form; the other keys of the
    # loaded record are written back unchanged.
    for field, form_key in (
        ('Name', 'namesignup'),
        ('Surname', 'surnamesignup'),
        ('Birthday', 'birthdaysignup'),
        ('City', 'citysignup'),
    ):
        account[field] = request.forms.get(form_key)

    if not db.updateUser(account):
        return template("profile-update-fail", user=sessionUser)

    notes = db.getNotesByUserID(account['UserID'])
    return template("profile", notes=notes, user=account)
def showFormToEditUser():
    """Render the sign-up template in edit mode for the session user.

    Returns the home redirect when there is no session or when the session's
    ``UserID`` does not resolve to a matching user record.
    """
    current = checkCookiesSessionUser()
    if current is None:
        return redirectHome()

    account = db.getUserbyID(current['UserID'])
    if account is None or current['UserID'] != account['UserID']:
        return redirectHome()

    return template("signup", user=account, editUser=True)
def checkCookiesSessionUser():
    """Resolve the signed session cookies to a user record.

    Returns ``None`` when either the ``Email`` or the ``UserID`` cookie is
    absent (or ``get_cookie`` yields ``None`` for it); otherwise returns
    whatever ``db.getUserbyID`` gives for the ``UserID`` cookie, which may
    itself be ``None``.
    """
    # NOTE(review): the cookie-signing secret is a hard-coded literal. Anyone
    # who can read this source can produce cookies that verify, including a
    # UserID cookie for another account. Load the secret from configuration or
    # the environment, make it long and random, and change it together with
    # the code that sets these cookies (not visible here), otherwise existing
    # sessions stop verifying.
    # NOTE(review): if this is Bottle (the get_cookie(..., secret=...) call
    # suggests so), signed cookie payloads are unpickled once the signature
    # verifies, so a known secret also exposes pickle deserialization -
    # confirm for the Bottle version in use.
    email_cookie = request.get_cookie("Email", secret="secret123")
    user_id_cookie = request.get_cookie("UserID", secret="secret123")

    if email_cookie is None or user_id_cookie is None:
        return None

    # NOTE(review): the Email cookie only has to be present; it is never
    # compared with the e-mail of the user that the UserID cookie resolves to.
    return db.getUserbyID(user_id_cookie)
def deleteNoteID(NoteID):
    """Delete a note for its owner and answer with an HTML page.

    Renders the login template without a session, returns the home redirect
    when the note does not exist and the private-zone redirect when the
    session user is not the owner.
    """
    # NOTE(review): this name is defined twice in the listing (a JSON variant
    # appears earlier); at module level the later definition rebinds the name.
    # NOTE(review): the route declaration is not visible here. If this handler
    # is reachable with GET, or carries no anti-CSRF token, a cross-site
    # request could delete a note of a logged-in owner - confirm.
    current = checkCookiesSessionUser()
    if current is None:
        return template('login')

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        return redirectHome()

    # Authorization: only the owner may delete.
    if note['UserID'] != current['UserID']:
        return redirectPrivateZone()

    if db.deleteNote(NoteID):
        return template('note-deleted', user=current)
    # The ``template('error')`` return that followed this one in the original
    # was unreachable and is omitted.
    return "Problems deleting that note<a href='/'>Go to your profile</a>"
def displayNote(Username, Permalink):
    """Render a single note when the caller is allowed to read it.

    A note whose ``Private`` field converts to 0 is shown to anyone, guests
    included; any other note is shown only to its owner. Returns the home
    redirect when the note is not found and the private-zone redirect when
    access is refused.
    """
    viewer = checkCookiesSessionUser()
    note = db.getNoteby_Username_Permalink(Username, Permalink)
    if note is None:
        return redirectHome()

    # The note is public, or the logged-in user owns it. The owner test runs
    # only for non-public notes and only when a session exists.
    readable = int(note['Private']) == 0 or (
        viewer is not None and viewer['UserID'] == note['UserID']
    )
    if readable:
        return template('singleNote', note=note, user=viewer)

    return redirectPrivateZone()
def login():
    """Check the submitted e-mail and password and start a session.

    Renders the ``login-fail`` template when the e-mail is unknown or the
    password does not verify; otherwise sets the session cookies and returns
    the redirect to the user's profile.
    """
    # The original evaluates the current session but never uses the result;
    # the call is kept so the same lookups happen.
    checkCookiesSessionUser()

    email = request.forms.get('email')
    password = request.forms.get('password')

    account = db.getUserbyEmail(email)
    if account is None:
        # NOTE(review): this message differs from the wrong-password one, so
        # the form reveals whether an e-mail is registered; consider a single
        # generic failure message and rate limiting on this endpoint.
        return template('login-fail', user=None, failError="<span>User not registered on our system.</span><span>Want a free acount? <a href='/register'>Create yours</a></span>")

    if not verifyPassword(password, account['Password']):
        return template('login-fail', user=None, failError="Your email/password doesn't match")

    # Password verified: issue the session cookies, then go to the profile.
    setCookiesSessionUser(account)
    return redirectToProfile(account['Username'])
    # The plain-string returns that followed each template return in the
    # original were unreachable and are omitted.
def createnewNote(api):
    """Create a note for the session user from the submitted form.

    Args:
        api: truthy to answer with JSON, falsy to answer with HTML templates.

    Without a session the JSON error object (api) or the login template is
    returned. On success the JSON note with ``error`` False (api) or the
    ``note-created`` template is returned; on failure the JSON note with
    ``error`` True (api) or the ``createNote`` form again.
    """
    owner = checkCookiesSessionUser()
    if owner is None:
        if not api:
            return template('login', user=None)
        response.content_type = 'application/json'
        return json.dumps({
            "error": True,
            "message": "You're not allowed to do this...",
        })

    form = request.forms
    title = cleanTitle(form.get('titleNote'))
    content = cleanContent(form.get('contentNote'))
    permalink = generatePermalink(title)
    today = getToday()
    color = form.get('colorNote')
    # NOTE(review): int() raises on a missing or non-numeric field and nothing
    # here catches it; color is also stored as submitted.
    private = int(form.get('privateNote'))
    published = int(form.get('publishedNote'))

    # "error" and "message" are only meaningful in the API reply; they start
    # out describing failure and are flipped after a successful insert.
    newNote = {
        "error": True,
        "message": "Note was not created successfully",
        "NoteID": None,
        # Ownership comes from the session, never from the form.
        "UserID": owner['UserID'],
        "Title": title,
        "Permalink": permalink,
        "Content": content,
        "CreatedAt": today,
        "EditedAt": today,
        "Published": published,
        "Private": private,
        "Color": color,
    }

    createdNote = db.createNote(newNote)

    if not api:
        if createdNote is None:
            return template('createNote', note=newNote, colors=None, user=owner, editNote=False)
        # The 303/Location lines that followed this return in the original
        # were unreachable and are omitted.
        return template('note-created', user=owner)

    response.content_type = 'application/json'
    if createdNote is not None:
        newNote['ColorHexadecimal'] = db.colorToHexadecimal(createdNote['Color'])
        newNote['message'] = "Note created successfully"
        newNote['error'] = False
    return json.dumps(newNote)