Пример #1
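def edit():
    """
    Edit the user profile.

    GET renders ``edit_profile.html`` pre-filled with the stored name, phone,
    address and password of the user named by the ``user_id`` cookie, or
    answers 401 when no such row exists. POST writes every non-empty submitted
    field back to the ``users`` table and redirects to ``profile.profile``.

    The ``user_id`` cookie is accepted only when it parses as an integer;
    anything else gets the same 401 as an unknown user.
    """
    # The cookie is client-controlled. It used to be handed to eval(), which
    # evaluates whatever expression the client sends. int() can only yield an
    # integer, which also keeps the value inert where it is placed into the
    # SQL text below.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Need to log in to access profile information", 401)
    # NOTE(review): the cookie alone decides whose row is read and written, so
    # the server never verifies that the caller owns this id. Identity should
    # come from a server-side session or a signed token; that change lies
    # outside this function.

    if request.method == 'GET':
        command = f'SELECT name, phone, address, password FROM users WHERE user_id = {user_id}'
        rows = db.get_from_db(command).fetchall()
        if rows:
            profile = rows[0]
            # NOTE(review): the stored password is rendered back into the
            # form, which suggests it is kept in a recoverable form - confirm.
            # A salted hash that never leaves the server is the usual design.
            return make_response(
                render_template('edit_profile.html',
                                name=profile['name'],
                                phone=profile['phone'],
                                address=profile['address'],
                                password=profile['password']))
        return Response("Need to log in to access profile information", 401)

    if request.method == 'POST':
        name = request.form['name']
        address = request.form['address']
        phone = request.form['phone']
        password = request.form['password']
        # NOTE(review): the form values are still pasted into the SQL text, so
        # a quote character inside one of them alters the statement. The db
        # helpers used here take one finished string; binding the values as
        # parameters needs a change to those helpers.
        for column, value in (('name', name), ('address', address), ('phone', phone)):
            if value:
                command = f'UPDATE users SET {column} = "{value}" WHERE user_id = {user_id}'
                db.push_into_db(command)
        if password:
            # NOTE(review): as written, this statement stores the fixed text
            # below and never uses the submitted `password`; the value looks
            # masked in this listing - confirm against the real source.
            command = f'UPDATE users SET password = "******" WHERE user_id = {user_id}'
            db.push_into_db(command)
        return make_response(redirect(url_for('profile.profile')))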
Пример #2
def register():
    """
    Register Profile View.

    Any method other than POST renders ``register.html``. POST reads the
    registration form, inserts one ``users`` row with ``access_level`` 1 and
    redirects to ``login.login`` when the insert succeeds; when it fails the
    registration form is rendered again.
    """
    if request.method != 'POST':
        # Add here exception for already logged in.
        return make_response(render_template('register.html'))

    name = request.form['name']
    address = request.form['address']
    phone = request.form['phone']
    email = request.form['email']
    username = request.form['username']
    password = request.form['password']

    # NOTE(review): every form value is pasted into the SQL text, so a quote
    # character in any field alters the statement; the values should be bound
    # as parameters once the db helper accepts them. The password is also
    # written exactly as submitted - a salted hash is the usual choice.
    command = f'INSERT INTO users (username, name, email, phone, address, password, access_level) VALUES ("{username}", "{name}", "{email}", "{phone}", "{address}", "{password}", 1)'

    created = db.push_into_db(command)
    if not created:
        # Presumably the username is already in use - verify against the
        # users table constraints.
        return make_response(render_template('register.html'))
    # The new user is sent to the login view.
    return make_response(redirect(url_for('login.login')))
Пример #3
def test_push_into_db(app):
    """Insert one product row with push_into_db and look it up again with get_from_db."""
    # Fixed fixture values for the row under test.
    name, price, description, image, stock = "test", 10, "description", "imagestring", 10

    with app.app_context():
        command = f'INSERT INTO products (name, price, description, image, stock) VALUES ("{name}", "{price}", "{description}", "{image}", "{stock}")'
        inserted = push_into_db(command)
        assert inserted

        # NOTE(review): the other examples in this listing consume the result
        # of get_from_db with fetchall()/fetchone(). If it is a cursor-like
        # object it is probably truthy whether or not a row matched, so this
        # assertion may not prove the row exists - confirm, and assert on the
        # fetched rows instead.
        found = get_from_db(f'SELECT * FROM products WHERE name = "{name}" AND price = {price} AND description = "{description}" AND image = "{image}" AND stock = {stock}')
        assert bool(found)
Пример #4
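def _parse_cart_cookie(raw):
    """Decode the shopping-cart cookie into ``{product_id: amount}``; return None when it is malformed."""
    import ast

    try:
        # literal_eval accepts Python literals only, so the cookie text is
        # parsed as data and never evaluated as an expression.
        decoded = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None
    if not isinstance(decoded, dict):
        return None

    items = {}
    for pid, amount in decoded.items():
        # Amounts must be plain non-negative numbers: they are multiplied
        # with the price and end up inside the stored cart text.
        if isinstance(amount, bool) or not isinstance(amount, (int, float)):
            return None
        if amount < 0:
            return None
        try:
            # Product ids are placed into SQL text, so only integers pass.
            items[int(pid)] = amount
        except (TypeError, ValueError, OverflowError):
            return None
    return items


def shopping_cart():
    """
    Shopping cart view.

    GET renders ``cart.html``. POST records a purchase for a logged-in user:
    the ``shopping_cart`` cookie maps product ids to amounts, each product
    with a non-zero amount is looked up, and one ``purchase_history`` row is
    written holding the amount and line total per product name. On success
    the cart cookie is deleted and the client is redirected back to this view.

    A cart cookie that is not a mapping of integer ids to non-negative
    numbers, or that names an unknown product, yields "Cannot make purchase!".
    """
    if request.method == 'GET':
        return render_template('cart.html')

    if request.method == 'POST':
        # NOTE(review): `logged_in` and `user_id` are plain cookies set by the
        # client, so neither proves who is calling. A server-side session or
        # a signed token should carry this state.
        if request.cookies.get('logged_in') != "True":
            return make_response("Please login to make a purchase")
        try:
            # Only an integer id is written into the statement below.
            user_id = int(request.cookies.get('user_id'))
        except (TypeError, ValueError):
            return make_response("Please login to make a purchase")

        # The cart cookie used to be passed to eval(); it is now parsed as a
        # literal and validated before any value reaches SQL.
        product_ids = _parse_cart_cookie(
            request.cookies.get('shopping_cart', '{}'))
        if product_ids is None:
            return make_response("Cannot make purchase!")

        cart = {}
        for pid, amount in product_ids.items():
            # Ignore items that have 0 amount
            if amount == 0:
                continue
            command = f'SELECT * FROM products WHERE product_id = {pid}'
            rows = db.get_from_db(command).fetchall()
            if not rows:
                # Unknown product id: refuse instead of failing on rows[0].
                return make_response("Cannot make purchase!")
            prod = rows[0]
            cart[prod["name"]] = [amount, round(prod["price"] * amount, 2)]

        cart = str(cart)
        t = time.asctime()
        # NOTE(review): the cart text contains product names taken from the
        # database and is pasted into the statement; a quote character in a
        # name alters it. Bind these values as parameters once the db helper
        # accepts them.
        command = f'INSERT INTO purchase_history (user_id, shopping_cart, timestamp) VALUES ("{ user_id }", "{ cart }", "{ t }")'
        print(command)
        if db.push_into_db(command):
            resp = make_response(
                redirect(url_for('shopping_cart.shopping_cart')))
            # Reset shopping cart
            resp.delete_cookie('shopping_cart')
        else:
            resp = make_response("Cannot make purchase!")

        return resp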
Пример #5
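def create_product():
    """
    Creates a new product. Currently not possible to set product image, uses assets/placeholder.png
    Name, price, description and stock need to be provided
    Visible is optional (defaults to 1)
    example: /admin/create_product?name=<name>&price=<price>&description=<description>&stock=<stock>

    The caller's access level is looked up from the ``user_id`` cookie; a
    missing or non-integer cookie, an unknown user, or an access level below 2
    is answered with 403.
    """
    vals = request.args

    # Check access level from database.
    # The cookie is client-controlled and used to be passed to eval(); int()
    # can only yield an integer, so nothing from the cookie is evaluated.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Unauthorized", 403)
    # NOTE(review): the admin check trusts an id the client chooses. It should
    # be keyed on a server-side session or a signed token instead.
    command = f'SELECT access_level FROM users WHERE user_id="{user_id}"'
    user = db.get_from_db(command).fetchone()

    # Fail closed when the id matches no row instead of raising on user[...].
    if user is None or user["access_level"] < 2:
        return Response("Unauthorized", 403)

    # NOTE(review): the query-string values are pasted into the SQL text, so a
    # quote character in any of them alters the statement; bind them as
    # parameters once the db helper accepts them. This view also changes
    # state from URL parameters alone, which makes it reachable from a link.
    command = f'INSERT INTO products (name, price, description, stock, image, visible) VALUES ("{vals.get("name")}", "{vals.get("price")}", "{vals.get("description")}", "{vals.get("stock")}", "assets/placeholder.png", "{vals.get("visible", 1)}")'
    if db.push_into_db(command):
        return "Created product"
    return "Failed to create product"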
Пример #6
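def create_product_yaml():
    """
    Eat a yaml, and create product from the data.
    Example curl command. Only admin (user id 0) has the required access level to use this:
    curl --cookie 'user_id=1' -X POST '127.0.0.1:5000/admin/create_product_yaml' --data-binary @prod_list.yml

    NOTE(review): the sentence above names user id 0 while the example sends
    user_id=1 - confirm which id is the admin.

    Sample of prod_list.yml:
    ------------------------------------------------------
    products:
    - name: test
      price: 1
      description: testdesc
      stock: 4
      image: test
      visible: 1
    - name: another_test
      price: 20
      description: Very cool
      stock: 20
      image: another_test
      visible: 0
    ------------------------------------------------------

    A missing or non-integer ``user_id`` cookie, an unknown user, or an access
    level below 2 is answered with 403. Every product is stored with the
    placeholder image; the ``image`` key of the document is not read.
    """
    # Check access level from database.
    # The cookie is client-controlled and used to be passed to eval(); int()
    # can only yield an integer, so nothing from the cookie is evaluated.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Unauthorized", 403)
    # NOTE(review): the admin check trusts an id the client chooses, as the
    # curl example shows. It should be keyed on a server-side session or a
    # signed token instead.
    command = f'SELECT access_level FROM users WHERE user_id="{user_id}"'
    user = db.get_from_db(command).fetchone()
    # Fail closed when the id matches no row instead of raising on user[...].
    if user is None or user["access_level"] < 2:
        return Response("Unauthorized", 403)

    # NOTE(review): full_load can build more than plain scalars, lists and
    # maps. For a request body, yaml.safe_load is the loader meant for
    # untrusted input, and the sample document needs nothing beyond plain
    # types. Left unchanged here because the file's imports are not visible.
    product_yaml = full_load(request.get_data())
    products = product_yaml.get("products", [])
    for p in products:
        # NOTE(review): document values are pasted into the SQL text; bind
        # them as parameters once the db helper accepts them.
        command = f'INSERT INTO products (name, price, description, stock, image, visible) VALUES ("{p.get("name")}", "{p.get("price")}", "{p.get("description")}", "{p.get("stock")}", "assets/placeholder.png", "{p.get("visible", 1)}")'
        if not db.push_into_db(command):
            return f"Failed to create product {p}"
    return f"Created {len(products)} products."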
Пример #7
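def submit_review(product_id=None):
    '''
    Post a review for a product.

    Requires the ``logged_in`` cookie to be "True". The reviewer's username is
    looked up from the ``user_id`` cookie, and the submitted ``message`` is
    stored in ``reviews`` for ``product_id``. On success the product page is
    returned; a failed insert is reported as an already-posted review. A
    non-integer or unknown ``user_id`` gets the login prompt.
    '''
    # NOTE(review): `logged_in` and `user_id` are plain cookies set by the
    # client, so a review can be filed under any user's name. A server-side
    # session or a signed token should carry this state.
    if request.cookies.get('logged_in') != "True":
        return make_response("Please login to leave review!")

    message = request.form['message']
    try:
        # The id is interpolated unquoted into the SELECT below, so only an
        # integer is allowed through.
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return make_response("Please login to leave review!")

    command = f'SELECT username FROM users WHERE user_id = {user_id}'
    rows = db.get_from_db(command).fetchall()
    if not rows:
        # Unknown user id: answer with the login prompt instead of failing
        # on rows[0].
        return make_response("Please login to leave review!")
    username = rows[0]["username"]

    # NOTE(review): `message` and `product_id` are still pasted into the SQL
    # text, so a quote character alters the statement; bind them as
    # parameters once the db helper accepts them.
    command = f'INSERT INTO reviews (text, username, product_id) VALUES ("{message}", "{username}", "{product_id}")'
    if db.push_into_db(command):
        return make_response(product(product_id))
    return make_response("You have already posted a review for this product!")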