def account():
    """Render the account page and dispatch its three prefixed forms.

    A form is handled only when its own submit button was pressed and the
    form validates. Every handled branch flashes a message and redirects back
    to this view; none of the branches writes any data in this function.
    """
    user_pic = url_for('static', filename='pics/' + current_user.user_pic)
    all_posts = [entry[0] for entry in posts]
    post_names = [name for name in all_posts if name != current_user.post_name]

    # Distinct prefixes keep the field names of the three forms apart when
    # they are posted from the same page.
    acc_form = AccountForm(prefix='form1')
    new_user_form = AddNewUserForm(prefix='form2')
    delete_user_form = DeleteUserForm(prefix='form3')

    # (form, its submit button, debug marker, flash text), checked in order.
    handlers = (
        (acc_form, acc_form.submit1, '1', 'Сохранено'),
        (new_user_form, new_user_form.submit2, '2', 'Пользователь добавлен'),
        (delete_user_form, delete_user_form.submit3, '3', 'Пользователь удален'),
    )
    for form, button, marker, message in handlers:
        if button.data and form.validate_on_submit():
            print(marker)
            flash(message, 'success')
            return redirect(url_for('account'))

    return render_template(
        'account.html',
        acc_form=acc_form,
        posts=post_names,
        user_pic=user_pic,
        new_user_form=new_user_form,
        all_posts=all_posts,
        delete_user_form=delete_user_form,
    )
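def delete_user():
    '''
    Delete a user or an admin.

    The account is looked up once by the submitted username; the row found
    by that lookup supplies the id used to remove the ``ipaddr`` rows, so the
    existence check and the delete cannot disagree.

    NOTE(review): no authorization check is visible inside this function;
    confirm the route is restricted to admins where it is registered.

    :return: Redirect to the admin dashboard method
    :rtype: redirect
    '''
    form = DeleteUserForm()
    if form.validate_on_submit():
        username = form.username.data
        db = get_db()
        error = None
        row = None

        if not username:
            error = "Username is required."
        else:
            row = db.execute('SELECT id FROM user WHERE username = ?',
                             (username, )).fetchone()
            if row is None:
                error = "The user {} doesn't exist.".format(username)

        if error is None:
            # All ip addresses connected to the user need to get deleted first
            db.execute('DELETE FROM ipaddr WHERE userid = ?', (row['id'], ))
            db.execute('DELETE FROM user WHERE username = ?', (username, ))
            # One commit covers both deletes.
            db.commit()
            return redirect(url_for('admins.dashboard'))

        flash(error)

    return redirect(url_for('admins.dashboard'))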
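def deleteUser():
    """Let the signed-in user delete their own account.

    On a valid submission the current user's row is deleted and the browser
    is redirected to the login page; otherwise the confirmation form is shown.

    NOTE(review): this function does not end the login session and does not
    re-check the password itself; confirm that the form or the login view
    covers both.
    """
    form = DeleteUserForm()
    if form.validate_on_submit():
        # Read the name before the delete: after commit the instance is no
        # longer backed by a row, so attribute access on it may fail.
        username = current_user.username
        db.session.delete(current_user)
        db.session.commit()
        flash("{}, we're sorry to see you go!".format(username), 'bg-info')
        return redirect(url_for('login'))
    return render_template('delete_user.html', title='Delete account', form=form)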
def delete_user():
    """Delete the signed-in account after re-checking its password.

    The form is re-rendered when it does not validate or when the submitted
    password fails ``current_user.check_password``; only a matching password
    reaches the delete.
    """
    form = DeleteUserForm()

    if not form.validate_on_submit():
        return render_template('delete_user.html', form=form)

    # Re-authentication gate: a wrong password never reaches the delete.
    if not current_user.check_password(form.password.data):
        flash('That password does not seem to match')
        return render_template('delete_user.html', form=form)

    account = User.query.filter_by(id=current_user.id).first()
    db.session.delete(account)
    db.session.commit()
    flash('Account deleted.')
    return redirect('/')
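def admin():
    """Admin panel: add, edit and delete users from a single page.

    Non-admins are redirected to the index. Each of the three forms is
    handled only when its own submit button was pressed and the form
    validates; every handled branch redirects back to this view.
    """
    if not current_user.isAdmin == 1:
        return redirect(url_for('index'))

    add_user_form = AddUser()
    edit_user_form = EditUserForm()
    delete_user_form = DeleteUserForm()

    if add_user_form.add_user_submit.data and add_user_form.validate():
        # NOTE(review): no password is set on the new account here; confirm
        # how its credentials are provisioned.
        user = User(username=add_user_form.username.data,
                    name=add_user_form.name.data,
                    isAdmin=False)
        db.session.add(user)
        db.session.commit()
        flash("User added.", "success")
        return redirect(url_for('admin'))

    edit_user_form.update_choices()
    if edit_user_form.edit_submit.data and edit_user_form.validate():
        user = User.query.filter_by(
            username=edit_user_form.username.data).first()
        if user is None:
            flash("Unable to find username in database", "danger")
            return redirect(url_for("admin"))

        # NOTE(review): the name branch returns before the password branch,
        # so a submission carrying both only updates the name.
        if edit_user_form.name.data != "":
            user.name = edit_user_form.name.data
            db.session.commit()
            edit_user_form.update_choices()
            flash("User details updated.", "success")
            return redirect(url_for("admin"))

        if edit_user_form.password.data != "":
            if edit_user_form.password.data == edit_user_form.password2.data:
                # The plaintext password is deliberately not printed or
                # logged; it is only handed to set_password().
                user.set_password(edit_user_form.password.data)
                db.session.commit()
                flash("User details updated.", 'success')
                return redirect(url_for('admin'))
            else:
                # Password field not empty but the confirmation differs.
                flash("Password does not match!", "danger")
                return redirect(url_for('admin'))

    delete_user_form.update_choices()
    if delete_user_form.delete_submit.data and delete_user_form.validate():
        user = User.query.filter_by(
            username=delete_user_form.username.data).first()
        # The account may have disappeared since the choices were built;
        # passing None to session.delete() would raise.
        if user is None:
            flash("Unable to find username in database", "danger")
            return redirect(url_for("admin"))
        db.session.delete(user)
        db.session.commit()
        flash("User deleted", "success")
        return redirect(url_for("admin"))

    return render_template('admin.html',
                           add_user_form=add_user_form,
                           edit_user_form=edit_user_form,
                           delete_user_form=delete_user_form)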
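def delete_user():
    """Admin-only: delete the user whose id was submitted in the form.

    Callers whose role is not ``'admin'`` are redirected to the dashboard
    with an "Access denied" message. The result of the delete is reported
    through a flash message and the view always redirects to the dashboard.
    """
    if current_user.role != 'admin':
        flash('Access denied', 'danger')
        return redirect(url_for('dashboard'))

    form = DeleteUserForm()
    # User.get is assumed to return None for an unknown id — TODO confirm.
    user = User.get(form.id.data) if form.validate_on_submit() else None

    if user is None:
        # Invalid form or no matching user: nothing is deleted.
        flash('Failed to delete user', 'danger')
    else:
        user.delete()
        flash('User Deleted Successfully', 'success')

    # NOTE(review): this flag is set on both outcomes here; confirm that is
    # what the dashboard expects.
    session['deleted_user'] = True
    return redirect(url_for('dashboard'))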
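def delete():
    """Delete the account named in the submitted form, then log out.

    NOTE(review): the account is selected only by the submitted username.
    This function neither compares it with the signed-in user nor verifies a
    password, although the error text mentions one; confirm that the form's
    validators enforce both.
    """
    form = DeleteUserForm()
    if form.validate_on_submit():
        delete_user = User.query.filter_by(username=form.username.data).first()
        # An unknown username falls through to the error path instead of
        # passing None to session.delete().
        if delete_user is not None:
            db.session.delete(delete_user)
            db.session.commit()
            flash('Ditt konto har raderats. Hoppas att vi ses igen.', 'success')
            return redirect(url_for('logout'))

    flash('Ogiltig username eller password')
    return render_template('delete.html', form=form)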
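def delete(username):
    """Delete the account named in the submitted form, then log out.

    The previous version tested a name ``user`` that is never assigned in
    this function; the lookup result is now checked directly and an unknown
    username produces the error message.

    NOTE(review): the ``username`` argument is not used, and the submitted
    username is not compared with the signed-in user in this function;
    confirm that the form's validators enforce ownership and the password.
    """
    form = DeleteUserForm()
    if form.validate_on_submit():
        delete_user = User.query.filter_by(username=form.username.data).first()
        if delete_user is None:
            flash('Ogiltig användarnamn eller lösenord')
        else:
            db.session.delete(delete_user)
            db.session.commit()
            flash('Ditt konto har raderats. Hoppas att vi ses igen!', 'success')
            return redirect(url_for('logout'))
    return render_template('delete.html', form=form, drop_down_cats=drop_down_cats)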
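def add_product():
    """Show the add-product page and insert a product on a valid POST.

    The row is written only when the form validates and an owner was chosen
    through the ``przycisk`` field; otherwise the page is rendered again.
    """
    # NOTE(review): this is a deny-list check. Every user_type other than
    # "Klient" passes, and a session without the key raises KeyError.
    # Confirm that this is the intended access rule.
    if session["user_type"] != "Klient":
        form = ProductForm()
        form2 = DeleteUserForm()

        # The validation result now gates the insert; it used to be discarded,
        # so invalid submissions were written as well.
        if request.method == "POST" and form.validate_on_submit():
            # Posted fields live on request.form; the request object itself
            # has no getlist().
            selected = request.form.getlist("przycisk")
            if selected:
                cur = get_db().cursor()
                cur.execute(
                    "insert into Produkt values (null, ?, ?, ?, ?)",
                    (
                        form.name.data,
                        form.net_price.data,
                        form.vat.data,
                        selected[0],
                    ),
                )
                get_db().commit()
                return redirect(url_for("products"))

        cur = get_db().cursor()
        cur.execute("Select id, imie, nazwisko from Osoba")
        return render_template("html/add_product.html.j2",
                               form=form,
                               persons=cur.fetchall(),
                               form2=form2)
    return redirect(url_for("index"))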
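def delete_user(userid):
    """Delete the user with id *userid* after a confirmation form.

    Only callers whose ``permission_level`` equals 2 get past the first
    check; everyone else is redirected to the index. An unknown id yields 404.
    """
    # Compare by value. ``is not 2`` tests object identity, which is not a
    # reliable integer comparison and must not decide an authorization check.
    if current_user.permission_level != 2:
        return redirect(url_for('index'))

    user = User.query.filter_by(id=userid).first_or_404()
    form = DeleteUserForm()
    if form.validate_on_submit():
        db.session.delete(user)
        db.session.commit()
        flash('User Deleted')
        return redirect(url_for('index'))
    return render_template('delete_user.html', title='Delete User', user=user, form=form)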
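def deleteuser(userid):
    """Admin page that deletes a user together with their quiz attempts.

    The template is rendered in both states; ``confirmed`` tells it whether
    the delete has just been carried out.
    """
    # Only admins can visit this page. Any falsy flag (False, 0, None) is
    # rejected, so an unset is_admin no longer passes as it did with the
    # ``== False`` comparison.
    if not current_user.is_admin:
        return redirect(url_for('index'))

    user = User.query.filter_by(id=userid).first_or_404()
    deluserform = DeleteUserForm()
    confirmed = False

    if deluserform.submitDeleteUser.data and deluserform.validate_on_submit():
        confirmed = True
        # Delete all quiz attempt data associated with the user first.
        for attempt in user.attempts:
            db.session.delete(attempt)
        db.session.commit()
        db.session.delete(user)
        db.session.commit()

    # NOTE(review): after a confirmed delete the template still receives the
    # deleted ``user`` object; confirm it does not read attributes from it.
    return render_template('delete_user.html', user=user, deluserform=deluserform, confirmed=confirmed)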
def delete_users():
    """Admin view: bulk-delete the accounts selected in the form.

    Non-admins are sent to the login page. The selectable choices are
    rebuilt from the database on every request, so validation only accepts
    ids that currently exist.
    """
    if not current_user.admin:
        flash('You do not have access to that page')
        return redirect(url_for('login'))

    form = DeleteUserForm()
    form.users.choices = [
        (account.id, account.username) for account in User.query.all()
    ]

    if not form.validate_on_submit():
        return render_template('delete_user.html',
                               title='Admin - Delete Users',
                               form=form)

    for selected_id in form.users.data:
        User.query.filter_by(id=selected_id).delete()
    db.session.commit()
    flash('User(s) deleted successfully.')
    return redirect(url_for('delete_users'))
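def delete_user(id):
    """Admin-only: confirm and delete the user with the given id.

    The admin check runs before any lookup and its redirect is returned.
    The previous version built the redirect without returning it, so
    non-admin callers continued into the delete path.
    """
    if not current_user.admin:
        flash(
            'You do not have access to that page. Please contact your administrator.'
        )
        return redirect(url_for('index'))

    user = User.query.filter_by(id=id).first()
    if user is None:
        # An unknown id used to fail on user.first_name below.
        flash('User not found.')
        return redirect(url_for('admin_manage_user'))

    name = user.first_name + " " + user.last_name
    form = DeleteUserForm()
    if form.validate_on_submit():
        User.query.filter_by(id=id).delete()
        db.session.commit()
        flash('You have successfully deleted {}\'s account!'.format(name))
        return redirect(url_for('admin_manage_user'))

    # Despite the name, this is the full user list that the template expects.
    roles = User.query.all()
    return render_template('admin_update_user.html',
                           title="Confirm Delete: {}".format(name),
                           form=form,
                           roles=roles)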
def del_user():
    """List users and handle the "delete user" / "update user" buttons.

    On POST the pressed button is identified by its submitted value and the
    selected row comes from the ``przycisk`` field. On any path that does not
    redirect, the joined person/user/address listing is rendered.
    """
    # NOTE(review): this is a deny-list check. Every user_type other than
    # "Klient" passes, and a session without the key raises KeyError.
    if session["user_type"] != "Klient":
        form = DeleteUserForm()
        if request.method == "POST":
            cur = get_db().cursor()
            if "Usuń Uzytkownika" == request.form.get("submit"):
                try:
                    # Probe only: raises IndexError when nothing was selected.
                    request.form.getlist("przycisk")[0]
                    # NOTE(review): `(value)` is a parenthesised expression, not a
                    # 1-tuple, so the parameters argument is a bare str here and
                    # in the three queries below; `(value,)` is presumably
                    # intended — confirm against the DB driver.
                    cur.execute('SELECT * FROM Uzytkownik WHERE id=?', (request.form.getlist("przycisk")[0]))
                    user = cur.fetchall()[0]
                    # NOTE(review): prints the whole Uzytkownik row to stdout; if
                    # the table holds credential columns they end up in the
                    # process output — confirm and drop.
                    print((str(user)))
                    cur.execute('SELECT * FROM Osoba WHERE id=?', (str(user[0])))
                    person = cur.fetchall()
                    # person[0] raises IndexError when `person` is empty, so the
                    # `len(person) == 0` branch below cannot run with an empty list.
                    cur.execute('SELECT * FROM Adres WHERE id=?', (str(person[0][3])))
                    adress = cur.fetchall()
                    if (len(person) == 0):
                        if (len(adress) == 0):
                            cur.execute('DELETE FROM Uzytkownik WHERE id=?', (str(user[0])))
                            # `con` is not defined in this function; presumably a
                            # module-level connection — verify.
                            con.commit()
                            flash('Usunieto osobe')
                        else:
                            flash('Musisz najpierw usunac adres', 'error')
                    else:
                        flash('Musisz najpierw usunac osobe', 'error')
                # Bare except: every failure in the try body, not only a missing
                # selection, is reported with this one message.
                except:
                    flash('Musisz najpierw wybrac osobe')
            if "Update Uzytkownika" == request.form.get("submitUpdate"):
                try:
                    # Probe only: raises IndexError when nothing was selected.
                    request.form.getlist("przycisk")[0]
                    cur = get_db().cursor()
                    # Stores the whole list of selected values, not just the first.
                    session["id"] = (request.form.getlist("przycisk"))
                    print(session["id"])
                    return redirect(url_for("update_user"))
                except:
                    flash('Musisz najpierw wybrac osobe')
        cur = get_db().cursor()
        cur.execute(
            "Select Osoba.id, imie, nazwisko, login, typ, nr_lokalu, nr_budynku, ulica, miasto, wojewodztwo from Osoba inner join Uzytkownik on Osoba.id = Uzytkownik.id inner join Adres on Adres.id = Osoba.id"
        )
        return render_template(
            "html/del_user.html.j2",
            form=form,
            persons=cur.fetchall(),
        )
    return redirect(url_for("index"))
def delete_user():
    """Admin-only endpoint that deletes a user and reports a status dict.

    Refuses to delete the calling admin, a non-existing user, or a user who
    still has articles. The outcome is returned as ``{'status': <code>}`` in
    the response body.
    """
    if not current_user.is_admin():
        flash('Permission denied...', 'danger')
        return {'status': 403}

    form = DeleteUserForm(request.form)
    if not form.validate_on_submit():
        flash(form.errors, 'form-error')
        return {'status': 400}

    target_id = form.id.data
    # NOTE(review): this comparison assumes form.id.data and current_user.id
    # have the same type — confirm the form field's type.
    if target_id == current_user.id:
        flash("You can't delete yourself. Find another admin user to do this for you.", 'danger')
        return {'status': 400}

    user = User.query.get(target_id)
    if not user:
        flash('Failed to delete non-existing user.')
        return {'status': 400}

    # Authors with at least one article are kept.
    if user.articles.first():
        flash("You can't delete a user with published articles.", 'danger')
        return {'status': 400}

    db.session.delete(user)
    db.session.commit()
    return {'status': 200}
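def dashboard():
    '''
    Admin Dashboard. Shows all users and snort logs. Allows adding/deleting
    users and resetting the logs.

    On POST, every id in the ``users`` field is deleted together with its
    ``ipaddr`` rows, then the view redirects to itself.

    NOTE(review): the POST branch validates none of the forms and checks no
    role inside this function; confirm that CSRF protection and the admin
    restriction are applied where the route is registered.

    :return: The admin.html view
    :rtype: HTML
    '''
    add_form = AddUserForm()
    delete_form = DeleteUserForm()
    reset_form = ResetLogForm()
    db = get_db()

    if request.method == 'POST':
        for user_id in request.form.getlist("users"):
            # Remove the dependent ipaddr rows first so that none is left
            # pointing at a deleted user.
            db.execute('DELETE FROM ipaddr WHERE userid = ?', (user_id, ))
            db.execute('DELETE FROM user WHERE id = ?', (user_id, ))
        db.commit()
        return redirect(url_for('admins.dashboard'))

    clients = []
    for row in db.execute('SELECT * FROM user').fetchall():
        client = {
            'username': row['username'],
            'user_role': row['user_role'],
            'ipadresses': db.execute(
                'SELECT ipaddress FROM ipaddr WHERE userid = ?',
                (row['id'], )).fetchall(),
        }
        # The email key is present only when a value is stored.
        if row['email'] is not None:
            client['email'] = row['email']
        clients.append(client)

    # Snort columns are read by position 1..4 — the column order is assumed
    # to match these keys; TODO confirm against the schema.
    snort_outer_row = [
        {
            'type': snort_row[1],
            'classification': snort_row[2],
            'priority': snort_row[3],
            'datetime': snort_row[4],
        }
        for snort_row in db.execute('SELECT * FROM snort').fetchall()
    ]

    return render_template('admin.html',
                           clients=clients,
                           logs=snort_outer_row,
                           add_form=add_form,
                           delete_form=delete_form,
                           reset_form=reset_form)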