def favorite_houses():
if not authenticated(session):
abort(401)
else:
conn = connection()
houses = User.favorite_houses(conn, session['user']['id'])
return render_template("houses/all_houses.html", title="Tu lista de favoritos", houses=houses)
def add_like():
data = request.get_json()
id_user = data['id_user']
id_house = data['id_house']
if(id_user == "" or id_user == None):
abort(404)
if(id_house == "" or id_house == None):
abort(404)
conn = connection()
#Verify if the user or house exist
if not User.find_by_id(conn, id_user):
abort(404)
if not House.find_by_id(conn, id_house):
abort(404)
if House.was_sold(conn, id_house):
abort(404)
#If the user has liked the house before
if (House.verify_like(conn, id_user, id_house)):
House.remove_like(conn, id_user, id_house)
else:
#If the user has disliked the house before
if (House.verify_dislike(conn, id_user, id_house)):
House.remove_dislike(conn, id_user, id_house)
House.add_like(conn, id_user, id_house)
stars = update_stars(conn, id_house)
return jsonify({"likes": House.likes(conn, id_house), "dislikes": House.dislikes(conn, id_house), "stars": stars})
def create():
if not authenticated(session):
abort(403)
else:
id_folder = int(request.form.get("id_folder"))
task_name = request.form.get("task_name")
if(id_folder == None) or (id_folder == ""):
flash("The folder must have an id!", category="error")
return redirect(request.referrer)
if(task_name == None) or (task_name == ""):
flash("The task must have a name!", category="error")
return redirect(request.referrer)
conn = connection()
if User.has_permision_to_open_folder(conn, session['user']['id'], id_folder):
if Task.exists(conn, id_folder, task_name):
flash("The task already exists!", category="error")
return redirect(request.referrer)
else:
try:
Task.create(conn, id_folder, task_name)
flash("One task has been added!", category="success")
except:
flash("There was an error adding your task", category="error")
else:
flash("You can't access that folder!", category="error")
return redirect(request.referrer)
def search():
form = SearchForm()
records = []
if form.validate_on_submit():
term = form.term.data.strip()
connection = db.connection()
cursor = connection.cursor()
cursor.execute(
'''
SELECT
g.status,
g.id,
gr.name,
gr.grade,
gr.institution,
gr.created
FROM graduate_record gr
RIGHT JOIN graduate g
ON g.id = gr.graduate_id
WHERE
g.id ILIKE %s OR
gr.name ILIKE %s OR
gr.grade ILIKE %s OR
gr.institution ILIKE %s
ORDER BY gr.created;
''', ['%{}%'.format(term)] * 4)
records = cursor.fetchall()
return render_template('sunedu/search.html', form=form, records=records)
def search():
form = SearchForm()
doctors = []
if form.validate_on_submit():
term = form.term.data.strip()
connection = db.connection()
cursor = connection.cursor()
cursor.execute(
'''
SELECT
d.id,
d.name,
d.surname,
d.state,
d.email,
d.region,
d.status,
d.created
FROM doctor d
WHERE
d.id ILIKE %s OR
d.name ILIKE %s OR
d.surname ILIKE %s OR
d.state ILIKE %s OR
d.email ILIKE %s OR
d.region ILIKE %s
ORDER BY d.id;
''', ['%{}%'.format(term)] * 6)
doctors = cursor.fetchall()
return render_template('cmp/search.html', form=form, doctors=doctors)
def main_menu():
if not authenticated(session):
abort(403)
else:
conn = connection()
folders = Folder.find_by_id_user(conn, session['user']['id'])
return render_template("user/menu.html", folders=folders)
def update():
if not authenticated(session):
abort(403)
else:
id_task = int(request.form.get("id_task"))
id_folder = int(request.form.get("id_folder"))
task_name = request.form.get("task_name")
if(id_task == None) or (id_task == ""):
flash("The task must have an id!", category="error")
return redirect(request.referrer)
if(id_folder == None) or (id_folder == ""):
flash("The folder must have an id!", category="error")
return redirect(request.referrer)
if(task_name == None) or (task_name == ""):
flash("The task must have a name!", category="error")
return redirect(request.referrer)
conn = connection()
if Task.exists(conn, id_folder, task_name):
flash("The task already exists!", category="error")
else:
try:
Task.update(conn, id_task, task_name)
flash("The task was updated!", category="success")
except:
flash("There was an error editing your task", category="error")
return redirect(request.referrer)
def search():
form = SearchForm()
records = []
if form.validate_on_submit():
term = form.term.data.strip()
connection = db.connection()
cursor = connection.cursor()
cursor.execute(
'''
SELECT
rl.status,
rl.ruc,
rl.dni,
CASE WHEN rl.provider IS NULL THEN '---' ELSE rl.provider END AS provider,
(CASE WHEN rl.status = 0 OR rl.status = 2 OR rl.status = 3 THEN '---' ELSE CAST(COUNT(tpl.rrll_id) as VARCHAR) END) AS nu_lineas,
rl.created
FROM rrll rl
LEFT JOIN telephone_line tpl
ON rl.id = tpl.rrll_id
WHERE
rl.ruc ILIKE %s OR
rl.dni ILIKE %s OR
rl.provider ILIKE %s OR
tpl.modality ILIKE %s OR
tpl.telephone ILIKE %s
GROUP BY rl.status, rl.ruc, rl.dni, rl.provider, rl.created;
''', ['%{}%'.format(term)] * 5)
records = cursor.fetchall()
return render_template('osiptel/search.html', form=form, records=records)
def create():
if not authenticated(session):
abort(401)
conn = connection()
User.create(conn, request.form)
return redirect(url_for("user_index"))
def is_owner(id_house):
if not authenticated(session):
abort(401)
conn = connection()
if (User.is_owner(conn, session['user']['id'], id_house)):
return True
return False
def login():
email = request.form.get("email")
password = request.form.get("password")
if(email == None) or (email == ""):
flash("Faltó ingresar el correo electrónico", category="error")
return redirect(request.referrer)
if(password == None) or (password == ""):
flash("Faltó ingresar la contraseña", category="error")
return redirect(request.referrer)
try:
validate_email(email)
conn = connection()
user = User.find_by_email(conn, email)
if not user:
flash("El correo no pertenece a ningún usuario", category="error")
return redirect(request.referrer)
else:
if bcrypt.checkpw(password.encode('utf8'), user["password"].encode('utf8')):
flash("Sesión iniciada!", category="success")
session["user"] = user
return redirect(request.referrer)
else:
flash("Usuario o contraseña inválido", category="error")
return redirect(request.referrer)
except EmailNotValidError:
flash("El correo electrónico no es válido", category="error")
return redirect(request.referrer)
def index():
if not authenticated(session):
abort(401)
conn = connection()
users = User.all(conn)
return render_template("user/index.html", users=users)
def create():
errors = False
required_fields = ["email", "first_name", "last_name", "phone_number", "password1", "password2"]
params = request.form
for key in required_fields:
if params[key] == "":
translate_key = {
"email": "Correo electrónico",
"first_name": "Nombre",
"last_name": "Apellido",
"phone_number": "Teléfono",
"password1": "Contraseña",
"password2": "Repita la contraseña",
}
flash("Falta el campo '" + translate_key[key] + "'", category="error")
errors = True
if params["password1"] != params["password2"]:
flash("Las contraseñas no coinciden", category="error")
errors = True
try:
validate_email(params["email"])
conn = connection()
if User.find_by_email(conn, params["email"]):
flash("Ya existe un usuario con ese correo", category="error")
errors = True
except EmailNotValidError:
flash("El correo electrónico no es válido", category="error")
errors = True
if (not errors):
user_dic = {
"email": params["email"],
"first_name": params["first_name"],
"last_name": params["last_name"],
"phone_number": params["phone_number"],
"password": bcrypt.hashpw(params["password1"].encode('utf8'), bcrypt.gensalt()),
}
User.create(conn, user_dic)
user = User.find_by_email(conn, user_dic["email"])
session["user"] = user
flash("Usuario creado", category="success")
return redirect(url_for("index"))
return redirect(request.referrer)
def authenticate():
conn = connection()
params = request.form
user = User.find_by_email_and_pass(conn, params["email"],
params["password"])
if not user:
flash("Usuario o clave incorrecto.")
return redirect(url_for("auth_login"))
session["user"] = user["email"]
flash("La sesión se inició correctamente.")
return redirect(url_for("home"))
def buy_house():
if not authenticated(session):
abort(401)
id_house = request.form.get("id_house")
if (not id_house):
flash("No hay una casa seleccionada")
return redirect(request.referrer)
conn = connection()
if House.exist(conn, id_house):
if User.buy_house(conn, session['user']['id'], id_house):
flash("Compra exitosa", category="success")
else:
flash("Ha ocurrido un error", category="error")
else:
flash("No puedes comprar esta propiedad", category="error")
return redirect(request.referrer)
def add_fav_house():
if not authenticated(session):
abort(401)
else:
try:
params = request.get_json()
id_user = params['id_user']
id_house = params['id_house']
conn = connection()
if(User.has_favorite(conn, id_user, id_house)):
User.delete_fav_house(conn, id_user, id_house)
return jsonify({"text": "deleted"})
else:
User.add_fav_house(conn, id_user, id_house)
return jsonify({"text": "added"})
except:
abort(500)
def create():
if not authenticated(session):
abort(403)
else:
folder_name = request.form.get("folder_name")
if (folder_name == None) or (folder_name == ""):
flash("The folder must have a name!", category="error")
return redirect(url_for("user-main-menu"))
conn = connection()
if (Folder.exists(conn, session['user']['id'], folder_name)):
flash("The folder already exists!", category="error")
else:
try:
Folder.create(conn, session['user']['id'], folder_name)
flash("The folder was created!", category="success")
except:
flash("There was an error", category="error")
return redirect(url_for("user-main-menu"))
def check():
if not authenticated(session):
abort(403)
data = request.get_json()
id_task = int(data['id_task'])
checked = data['checked']
if(id_task == "" or id_task == None):
abort(404)
if(checked == "" or checked == None):
abort(404)
conn = connection()
Task.check(conn, id_task, checked)
return jsonify({"state": checked})
def show():
if not authenticated(session):
abort(403)
else:
id_folder = request.args.get("id_folder")
if(id_folder == None) or (id_folder == ""):
flash("The 'id' field is empty!", category="error")
return redirect(request.referrer)
conn = connection()
if User.has_permision_to_open_folder(conn, session['user']['id'], id_folder):
folder = Folder.find_by_id(conn, id_folder)
if not folder:
flash("The folder doesn't exist!", category="error")
return redirect(request.referrer)
else:
tasks = Task.find_by_id_folder(conn, folder['id'])
return render_template("folder/folder-show.html", folder=folder, tasks=tasks)
else:
flash("You don't have permission to access that folder!", category="error")
return redirect(request.referrer)
def delete_house():
if not authenticated(session):
abort(401)
id_house = request.form.get("id_house")
if(id_house is None)or(id_house == ""):
flash("La propiedad debe tener un ID", category="error")
else:
conn = connection()
if not User.is_owner(conn, session['user']['id'], id_house):
flash("Solo el dueño de la publicación puede borrarla!", category="error")
else:
if House.was_sold(conn,id_house):
flash("No puede eliminar una propiedad vendida!", category="error")
else:
House.delete(conn, id_house)
flash("Se ha eliminado la publicación exitosamente!", category="success")
return redirect(url_for("index"))
return redirect(request.referrer)
def show():
id = request.args.get("id")
if id is not None:
conn = connection()
house = House.find_by_id(conn, id)
if house:
if house["deleted_at"] is not None:
if authenticated(session):
if User.bought_house(conn, house['id'], session['user']['id']):
return render_template("houses/show_house.html", house=house)
else:
abort(404)
else:
abort(401)
else:
return render_template("houses/show_house.html", house=house)
else:
abort(404)
else:
abort(404)
def home():
connection = db.connection()
cursor = connection.cursor()
cursor.execute('''
SELECT
g.status,
g.id,
gr.name,
gr.grade,
gr.institution,
gr.created
FROM graduate_record gr
RIGHT JOIN graduate g
ON g.id = gr.graduate_id
ORDER BY gr.created
LIMIT 10;
''')
records = cursor.fetchall()
return render_template(
'sunedu/home.html',
records=records,
)
def home():
connection = db.connection()
cursor = connection.cursor()
cursor.execute('''
SELECT
rl.status,
rl.ruc,
rl.dni,
CASE WHEN rl.provider IS NULL THEN '---' ELSE rl.provider END AS provider,
(CASE WHEN rl.status = 0 OR rl.status = 2 OR rl.status = 3 THEN '---' ELSE CAST(COUNT(tpl.rrll_id) as VARCHAR) END) AS nu_lineas,
rl.created
FROM rrll rl
LEFT JOIN telephone_line tpl ON rl.id = tpl.rrll_id
GROUP BY rl.status, rl.ruc, rl.dni, rl.provider, rl.created
ORDER BY rl.created DESC
LIMIT 1000;
''')
records = cursor.fetchall()
return render_template(
'osiptel/home.html',
records=records,
)
def home():
connection = db.connection()
cursor = connection.cursor()
cursor.execute('''
SELECT
d.id,
d.name,
d.surname,
d.state,
d.email,
d.region,
d.notes,
d.status,
d.created
FROM doctor d
ORDER BY d.created DESC
LIMIT 10;
''')
doctors = cursor.fetchall()
return render_template(
'cmp/home.html',
doctors=doctors,
)
def delete():
if not authenticated(session):
abort(403)
else:
id_task = request.form.get("id_task")
if(id_task == None) or (id_task == ""):
flash("The task must have an ID!", category="error")
return redirect(request.referrer)
conn = connection()
task = Task.find_by_id(conn, id_task)
if not task:
flash("The task doesn't exist!", category="error")
else:
if Task.belongs_to_user(conn, id_task, session['user']['id']):
try:
Task.delete(conn, id_task)
flash("A task was deleted!", category="success")
except:
flash("There was an error!", category="error")
else:
flash("You can't access that task!", category="error")
return redirect(request.referrer)
def login():
username = request.form.get("username")
password = request.form.get("password")
if (username == None) or (username == ""):
flash("The field 'username' is empty!", category="error")
return redirect(request.referrer)
if (password == None) or (password == ""):
flash("The field 'password' is empty!", category="error")
return redirect(request.referrer)
conn = connection()
user = User.find_by_username(conn, username)
if not user:
flash("The username doesn't exist!", category="error")
return redirect(request.referrer)
else:
if password == user["password"]:
flash("You have successfully logged in!", category="success")
session["user"] = user
folders = Folder.find_by_id_user(conn, user['id'])
return render_template("user/menu.html", folders=folders)
else:
flash("Invalid password", category="error")
return redirect(request.referrer)
def delete():
if not authenticated(session):
abort(403)
else:
id_folder = request.form.get("id_folder")
if (id_folder == None) or (id_folder == ""):
flash("The folder must have an ID!", category="error")
return redirect(url_for("user-main-menu"))
conn = connection()
folder = Folder.find_by_id(conn, id_folder)
if not folder:
flash("The folder doesn't exist!", category="error")
else:
if folder['id_user'] == session['user']['id']:
try:
Folder.delete(conn, session['user']['id'], id_folder)
flash("The folder was deleted!", category="success")
except:
flash("There was an error!", category="error")
else:
flash("You don't have access to that folder!",
category="error")
return redirect(url_for("user-main-menu"))
def create_app(environment="development"):
"""Crea y configura la aplicación Flask, junto a la conexión a la
base de datos. Además genera las diferentes URLs.
"""
configu = {
"ORIGINS": [
"http://localhost:8080", # React
"http://127.0.0.1:8080", # React
"https://grupo21.proyecto2020.linti.unlp.edu.ar",
],
}
app = Flask(__name__)
CORS(
app,
resources={r"/*": {
"origins": configu["ORIGINS"]
}},
supports_credentials=True,
)
app.config["SESSION_TYPE"] = "filesystem"
# app.config["SQLALCHEMY_ECHO"] = (environment == 'development')
env = os.environ.get("FLASK_ENV", environment)
app.config.from_object(config[env])
Session(app)
# Cors
connection(app)
# handler error
# app.register_error_handler(404, handler.not_found_error)
@app.after_request
def after_request_func(response):
close(app)
return response
app.jinja_env.globals.update(is_authenticated=helper_auth.authenticated)
app.jinja_env.globals.update(settings=PageSetting.find_settings)
app.jinja_env.globals.update(municipios=listado_municipios())
app.jinja_env.globals.update(user_permisos=permissions)
# Home de la página
app.add_url_rule("/", "home", home)
# Autenticación
app.add_url_rule("/login", "auth_login", auth_login)
app.add_url_rule("/logout", "auth_logout", auth.logout)
app.add_url_rule("/autenticacion",
"auth_authenticate",
auth.authenticate,
methods=["POST"])
# User CRUD
app.add_url_rule("/users/new", "user_new", new)
app.add_url_rule("/users_create", "user_create", create, methods=["POST"])
app.add_url_rule("/users/detail/<int:iduser>",
"user_detail",
detail,
methods=["GET", "POST"])
app.add_url_rule("/users/update/<int:id>",
"user_update",
update,
methods=["GET", "POST"])
app.add_url_rule("/users/commit_update",
"commit_update",
commit_update_user,
methods=["POST"])
app.add_url_rule("/users/delete/<int:id>",
"user_delete",
delete,
methods=["GET", "POST"])
app.add_url_rule("/users/commit_delete",
"commit_delete",
commit_delete_user,
methods=["POST"])
# Center CRUD
app.add_url_rule("/centers/new", "center_new", center_new)
app.add_url_rule("/centers_create",
"center_create",
center_create,
methods=["POST"])
app.add_url_rule("/centers/<int:idcenter>",
"center_view",
center_view,
methods=["GET", "POST"])
app.add_url_rule(
"/centers/update/<int:idcenter>",
"center_update",
center_update,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/commit_update",
"center_commit_update",
center_commit_update,
methods=["POST"],
)
app.add_url_rule(
"/centers/delete/<int:idcenter>",
"center_delete",
center_delete,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/commit_delete",
"center_commit_delete",
center_commit_delete,
methods=["POST"],
)
# Turn CRUD
app.add_url_rule(
"/centers/<int:idcenter>/turnos/new",
"turn_new",
turn_new,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/<int:idcenter>/turnos/create",
"turn_create",
turn_create,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/<int:idcenter>/turnos/view/<int:idturno>",
"turn_view",
turn_view,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/<int:idcenter>/turnos/update/<int:idturno>",
"turn_update",
turn_update,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/turns/commit_update",
"turn_commit_update",
turn_commit_update,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/<int:idcenter>/turnos/delete/<int:idturno>",
"turn_delete",
turn_delete,
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/turns/commit_delete",
"turn_commit_delete",
turn_commit_delete,
methods=["GET", "POST"],
)
# User Profile
app.add_url_rule("/user/profile",
"user_profile",
profile,
methods=["GET", "POST"])
app.add_url_rule("/update/profile",
"update_profile",
update_profile,
methods=["GET", "POST"])
# Page Settings
app.add_url_rule("/pageSettings", "pagesettings_indexPage", indexPage)
app.add_url_rule("/updateSettings",
"pagesettings_update",
updateSettings,
methods=["POST"])
# Users
app.add_url_rule("/users", "users", user_index, methods=["GET", "POST"])
# Centers
app.add_url_rule("/centers",
"centers",
center_index,
methods=["GET", "POST"])
# Turns
app.add_url_rule(
"/centers/<int:idcenter>/turnos",
"center_turnosDisp",
turn_index,
methods=["GET", "POST"],
)
# Centers API
app.add_url_rule("/centros",
"centrosApi",
CentersApi,
methods=["GET", "POST"])
app.add_url_rule("/centros/<int:id>",
"centros_id",
center_by_id,
methods=["GET"])
# Turns API
app.add_url_rule(
"/centers/<int:idcenter>/turnos_disponibles/",
"turnos_api",
turnsAPi,
methods=["GET", "POST"],
)
# Turns API by date
app.add_url_rule(
"/centers/<int:idcenter>/turnos_disponibles/<string:fecha>",
"turnos_api",
methods=["GET", "POST"],
)
app.add_url_rule(
"/centers/<int:idcenter>/turnos/pickDate",
"turn_pickDate",
turn_pickDate,
methods=["GET", "POST"],
)
# Turns API create turn
app.add_url_rule(
"/centers/<int:idcenter>/reserva",
"reserve_turn",
reserve_turn,
methods=["POST"],
)
# Centers & Turns Api's for charts
# Cantidad de centros por tipo de centro
app.add_url_rule(
"/centers/by_type/",
"centers_by_type",
centers_by_type,
methods=["GET"],
)
# Cantidad total de turnos sacados por municipio
app.add_url_rule(
"/centers/turns_by_municipality/",
"total_turns_by_municipality",
total_turns_by_municipality,
methods=["GET"],
)
app.add_url_rule(
"/centers/total_centers_by_type/",
"total_centers_by_type",
total_centers_by_type,
methods=["GET"],
)
return app
def init_extensions(app):
"""
初始化第三方插件
:return:
"""
# flask-MongoEngine
db.init_app(app)
db.connection(**app.config.get('ORDER_DB_CONFIG'))
db.connection(**app.config.get('INVENTORY_DB_CONFIG'))
db.connection(**app.config.get('CART_DB_CONFIG'))
db.connection(**app.config.get('CONTENT_DB_CONFIG'))
db.connection(**app.config.get('LOG_DB_CONFIG'))
mongo_inventory.init_app(app, config_prefix='MONGO_INVENTORY')
redis.connection_pool = ConnectionPool(**app.config.get('REDIS_CONFIG'))
session_redis.connection_pool = ConnectionPool(
**app.config.get('SESSION_REDIS'))
# server side session
app.session_interface = RedisSessionInterface(session_redis)
# flask-script
migrate.init_app(app, db)
# flask-mail
mail.init_app(app)
# flask-cache
cache.init_app(app)
# flask-admin
admin.init_app(app)
# flask-bcrypt
bcrypt.init_app(app)
# flask-babel
babel.init_app(app)
# flask-toolbar
toolbar.init_app(app)
# flask-assets
assets.init_app(app)
login_manager.login_view = 'frontend.login'
# login_manager.refresh_view = 'frontend.reauth'
@login_manager.user_loader
def load_user(id):
"""
:param id:
:return:
"""
return User.objects(id=id, is_deleted=False).first()
login_manager.init_app(app)
login_manager.login_message = gettext('Please login to access this page.')
login_manager.needs_refresh_message = gettext(
'Please reauthenticate to access this page.')
# flask-principal
principal.init_app(app)
from flask_principal import identity_loaded
@identity_loaded.conect_via(app)
def on_identity_loaded(sender, identity):
"""
:param sender:
:param identity:
:return:
"""
principal_on_identity_loaded(sender, identity)
def index():
conn = connection()
issues = Issue.all(conn)
return jsonify(issues=issues)
