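def edit():
    """Show or update the profile of the user named by the ``user_id`` cookie.

    GET renders ``edit_profile.html`` with the stored name, phone, address
    and password, or answers 401 when no matching row exists.  POST writes
    every non-empty form field back to the ``users`` table and redirects to
    ``profile.profile``.

    Returns:
        A Flask response.  A missing or non-integer ``user_id`` cookie gets
        the same 401 answer as an unknown user.
    """
    # The cookie is client-controlled.  It used to be passed to eval(), which
    # executes whatever expression the client supplies.  Parsing it as a plain
    # integer keeps code and SQL fragments out of the statements built below.
    # NOTE(review): the value still only *claims* an identity; nothing visible
    # here ties it to a login.  A server-side session should supply it.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Need to log in to access profile information", 401)

    if request.method == 'GET':
        command = f'SELECT name, phone, address, password FROM users WHERE user_id = {user_id}'
        rows = db.get_from_db(command).fetchall()
        if not rows:
            return Response("Need to log in to access profile information", 401)
        profile = rows[0]
        # NOTE(review): the stored password is sent back to the browser, so it
        # appears to be kept in readable form.  Confirm, and prefer a salted
        # password hash that is never rendered.
        return make_response(
            render_template('edit_profile.html',
                            name=profile['name'],
                            phone=profile['phone'],
                            address=profile['address'],
                            password=profile['password']))

    if request.method == 'POST':
        name = request.form['name']
        address = request.form['address']
        phone = request.form['phone']
        password = request.form['password']

        # NOTE(review): the form values are pasted into the SQL text as-is, so
        # a quote character in a field changes the statement (SQL injection).
        # db.push_into_db is called with a finished string here; bound
        # parameters need support in that helper, which is not visible from
        # this block.
        if name:
            command = f'UPDATE users SET name = "{name}" WHERE user_id = {user_id}'
            db.push_into_db(command)
        if address:
            command = f'UPDATE users SET address = "{address}" WHERE user_id = {user_id}'
            db.push_into_db(command)
        if phone:
            command = f'UPDATE users SET phone = "{phone}" WHERE user_id = {user_id}'
            db.push_into_db(command)
        if password:
            # NOTE(review): this writes the literal ****** rather than the
            # submitted value.  It looks like a redaction in the listing;
            # confirm against the real file.
            command = f'UPDATE users SET password = "******" WHERE user_id = {user_id}'
            db.push_into_db(command)
        return make_response(redirect(url_for('profile.profile')))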
def register():
    """Register Profile View.

    A POST builds one INSERT statement from the submitted form and redirects
    to ``login.login`` when ``db.push_into_db`` reports success.  A failed
    insert, and every other request method, renders ``register.html`` again.
    """
    if request.method != 'POST':
        # TODO: handle the already-logged-in case here.
        return make_response(render_template('register.html'))

    form = request.form
    name = form['name']
    address = form['address']
    phone = form['phone']
    email = form['email']
    username = form['username']
    password = form['password']

    # NOTE(review): every field is pasted into the SQL text unescaped, so a
    # quote character in any of them changes the statement (SQL injection).
    # The password is also stored exactly as submitted, with no hashing
    # visible in this block.  Both need bound parameters and a password hash,
    # which depend on the db helper and are not visible from here.
    command = f'INSERT INTO users (username, name, email, phone, address, password, access_level) VALUES ("{username}", "{name}", "{email}", "{phone}", "{address}", "{password}", 1)'

    # Per the original comment, the insert fails when the username is taken.
    created = db.push_into_db(command)
    if not created:
        return make_response(render_template('register.html'))
    # New account stored: send the user on to the login view.
    return make_response(redirect(url_for('login.login')))
def test_push_into_db(app):
    """Insert one product row and check that a matching SELECT succeeds."""
    with app.app_context():
        name, price, description, image, stock = (
            "test", 10, "description", "imagestring", 10)

        insert_sql = f'INSERT INTO products (name, price, description, image, stock) VALUES ("{name}", "{price}", "{description}", "{image}", "{stock}")'
        select_sql = f'SELECT * FROM products WHERE name = "{name}" AND price = {price} AND description = "{description}" AND image = "{image}" AND stock = {stock}'

        assert push_into_db(insert_sql)
        # NOTE(review): this checks only the truthiness of whatever
        # get_from_db returns.  If that is a cursor-like object, the assertion
        # passes even when no row matches; asserting on the fetched rows would
        # verify the insert.  Confirm against get_from_db.
        assert bool(get_from_db(select_sql))
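def shopping_cart():
    """Shopping cart view.

    GET renders ``cart.html``.  POST, for a client whose ``logged_in`` cookie
    is ``"True"``, reads the cart from the ``shopping_cart`` cookie, looks up
    every product with a non-zero amount, stores the purchase in
    ``purchase_history`` and clears the cart cookie.

    Returns:
        A Flask response.  Cookies that do not parse as the expected plain
        data get the existing "Please login ..." / "Cannot make purchase!"
        answers instead of being evaluated.
    """
    import ast

    if request.method == 'GET':
        return render_template('cart.html')

    if request.method == 'POST':
        # NOTE(review): logged_in and user_id are plain cookies, so both are
        # whatever the client sends.  Nothing visible here binds them to a
        # server-side session.
        if request.cookies.get('logged_in') != "True":
            return make_response("Please login to make a purchase")

        # Parsed as an integer because the value is placed in the INSERT below.
        try:
            user_id = int(request.cookies.get('user_id'))
        except (TypeError, ValueError):
            return make_response("Please login to make a purchase")

        # The cart cookie used to go through eval(), which executes any
        # expression the client supplies.  literal_eval accepts only literals
        # (dict, list, numbers, strings, ...) and never runs code.
        try:
            product_ids = ast.literal_eval(
                request.cookies.get('shopping_cart', '{}'))
        except (ValueError, SyntaxError, TypeError, MemoryError,
                RecursionError):
            return make_response("Cannot make purchase!")
        if not isinstance(product_ids, dict):
            return make_response("Cannot make purchase!")

        cart = {}
        for pid, amount in product_ids.items():
            # bool is an int subclass; reject it along with non-numbers.
            if isinstance(amount, bool) or not isinstance(amount, (int, float)):
                return make_response("Cannot make purchase!")
            # Ignore items that have 0 amount
            # NOTE(review): negative amounts are not rejected here.
            if amount == 0:
                continue
            # The product id goes into the SQL text, so force it to an integer.
            try:
                pid = int(pid)
            except (TypeError, ValueError):
                return make_response("Cannot make purchase!")
            command = f'SELECT * FROM products WHERE product_id = {pid}'
            prod = db.get_from_db(command).fetchall()[0]
            cart[prod["name"]] = [amount, round(prod["price"] * amount, 2)]

        cart = str(cart)
        t = time.asctime()
        # NOTE(review): cart contains product names read from the database
        # and is still pasted into the statement as text.  Bound parameters
        # need support in db.push_into_db, which is not visible from here.
        command = f'INSERT INTO purchase_history (user_id, shopping_cart, timestamp) VALUES ("{ user_id }", "{ cart }", "{ t }")'
        print(command)
        if db.push_into_db(command):
            resp = make_response(
                redirect(url_for('shopping_cart.shopping_cart')))
            # Reset shopping cart
            resp.delete_cookie('shopping_cart')
        else:
            resp = make_response("Cannot make purchase!")
        return resp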
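def create_product():
    """Create a new product from the request's query arguments.

    Currently not possible to set product image, uses assets/placeholder.png.
    Name, price, description and stock need to be provided.
    Visible is optional (defaults to 1).

    example:
    /admin/create_product?name=<name>&price=<price>&description=<description>&stock=<stock>

    Returns:
        ``"Created product"`` or ``"Failed to create product"``.  A 403
        response is returned when the ``user_id`` cookie is missing or not an
        integer, when no such user exists, or when the user's access_level is
        below 2.
    """
    vals = request.args

    # The cookie is client-controlled and used to be passed to eval(), which
    # executes any expression the client supplies.  Accept a plain integer only.
    # NOTE(review): the access check still trusts the id the client claims;
    # nothing visible here ties it to a login session.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Unauthorized", 403)

    # Check access level from database
    command = f'SELECT access_level FROM users WHERE user_id="{user_id}"'
    user = db.get_from_db(command).fetchone()
    # No row for this id is treated as unauthorized rather than an error.
    if user is None or user["access_level"] < 2:
        return Response("Unauthorized", 403)

    # NOTE(review): the query arguments are pasted into the SQL text
    # unescaped (SQL injection).  Bound parameters need support in
    # db.push_into_db, which is not visible from here.  The docstring example
    # also shows this state-changing call made through a plain URL.
    command = f'INSERT INTO products (name, price, description, stock, image, visible) VALUES ("{vals.get("name")}", "{vals.get("price")}", "{vals.get("description")}", "{vals.get("stock")}", "assets/placeholder.png", "{vals.get("visible", 1)}")'
    if db.push_into_db(command):
        return "Created product"
    return "Failed to create product"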
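def create_product_yaml():
    """Eat a yaml, and create products from the data.

    The caller's access_level, looked up from the ``user_id`` cookie, must be
    at least 2.  The ``image`` key of an entry is not read; every product is
    stored with ``assets/placeholder.png``.

    Example curl command:

        curl --cookie 'user_id=1' -X POST '127.0.0.1:5000/admin/create_product_yaml' --data-binary @prod_list.yml

    Sample of prod_list.yml:
    ------------------------------------------------------
    products:
      - name: test
        price: 1
        description: testdesc
        stock: 4
        image: test
        visible: 1
      - name: another_test
        price: 20
        description: Very cool
        stock: 20
        image: another_test
        visible: 0
    ------------------------------------------------------

    Returns:
        A status string, or a 403 response when the cookie is missing or not
        an integer, no such user exists, or the access_level is below 2.
    """
    # The cookie is client-controlled and used to be passed to eval(), which
    # executes any expression the client supplies.  Accept a plain integer only.
    # NOTE(review): the access check still trusts the id the client claims;
    # nothing visible here ties it to a login session.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return Response("Unauthorized", 403)

    # Check access level from database
    command = f'SELECT access_level FROM users WHERE user_id="{user_id}"'
    user = db.get_from_db(command).fetchone()
    # No row for this id is treated as unauthorized rather than an error.
    if user is None or user["access_level"] < 2:
        return Response("Unauthorized", 403)

    # NOTE(review): full_load parses the raw request body.  If this is
    # PyYAML's full_load, its loader accepts more than plain mappings, lists
    # and scalars.  safe_load is sufficient for the document shape shown in
    # the docstring and is the safer choice for request data.  Left unchanged
    # because the import is outside this block.
    product_yaml = full_load(request.get_data())
    products = product_yaml.get("products", [])

    for p in products:
        # NOTE(review): values from the document are pasted into the SQL text
        # unescaped (SQL injection).  Bound parameters need support in
        # db.push_into_db, which is not visible from here.
        command = f'INSERT INTO products (name, price, description, stock, image, visible) VALUES ("{p.get("name")}", "{p.get("price")}", "{p.get("description")}", "{p.get("stock")}", "assets/placeholder.png", "{p.get("visible", 1)}")'
        if not db.push_into_db(command):
            return f"Failed to create product {p}"
    return f"Created {len(products)} products."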
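def submit_review(product_id=None):
    ''' Post a review for a product.

    Requires the ``logged_in`` cookie to be ``"True"``.  The reviewer's
    username is looked up from the ``user_id`` cookie, and the review text is
    taken from the ``message`` form field.

    Args:
        product_id: id of the reviewed product, as passed in by the caller.

    Returns:
        The rendered product page on success, otherwise a short message
        response.  A missing, non-integer or unknown ``user_id`` gets the
        "Please login" answer.
    '''
    # NOTE(review): logged_in and user_id are plain cookies, so both are
    # whatever the client sends.  Nothing visible here binds them to a
    # server-side session.
    if request.cookies.get('logged_in') != "True":
        return make_response("Please login to leave review!")

    message = request.form['message']

    # The id is placed in the SELECT below without quoting, so accept a plain
    # integer only.
    try:
        user_id = int(request.cookies.get('user_id'))
    except (TypeError, ValueError):
        return make_response("Please login to leave review!")

    command = f'SELECT username FROM users WHERE user_id = {user_id}'
    rows = db.get_from_db(command).fetchall()
    if not rows:
        # Unknown user id: answer like a missing login, not an IndexError.
        return make_response("Please login to leave review!")
    username = rows[0]["username"]

    # NOTE(review): message and product_id are pasted into the SQL text
    # unescaped (SQL injection).  Bound parameters need support in
    # db.push_into_db, which is not visible from here.
    command = f'INSERT INTO reviews (text, username, product_id) VALUES ("{message}", "{username}", "{product_id}")'
    if db.push_into_db(command):
        return make_response(product(product_id))
    return make_response(
        "You have already posted a review for this product!")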