def create(): if request.method == 'POST': title = request.form['title'] description = request.form['description'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'INSERT INTO project (title, description, admin_uid)' ' VALUES (?, ?, ?)', (title, description, g.user['id'])) db.commit() pid = _INSTANCE_CONF.get_key( "pid_alloc" ) + 1 # TODO: potential hazard here. Use lock or switch to Redis _INSTANCE_CONF.set_key("pid_alloc", pid) ProjectProfile(pid) return redirect(url_for('project.index')) return render_template('project/create.html')
def index(): db = get_db() projects = db.execute( 'SELECT p.id, title, description, created, admin_uid, u.username' ' FROM project p, user u WHERE p.admin_uid = ? and p.admin_uid = u.id' # JOIN user u ON p.admin_uid = u.id' ' ORDER BY created DESC', (g.user['id'], )).fetchall() return render_template('project/index.html', projects=projects)
def load_logged_in_user(): user_id = session.get('user_id') if user_id is None: g.user = None else: g.user = get_db().execute('SELECT * FROM user WHERE id = ?', (user_id, )).fetchone()
def get_proj(pid, check_author=True): proj = get_db().execute( 'SELECT p.id, title, description, created, admin_uid, u.username' ' FROM project p, user u WHERE p.id = ? and p.admin_uid = u.id' ' ORDER BY created DESC', (pid, )).fetchone() if proj is None: abort(404, "Project id {0} doesn't exist.".format(id)) if check_author and proj['admin_uid'] != g.user['id']: abort(403, "Operation only allowed for project creator.") # proj_prof = ProjectProfile(pid).load() return proj
def edit(pid): proj = get_proj(pid) if request.method == 'POST': title = request.form['title'] description = request.form['description'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'UPDATE proj SET title = ?, description = ?' ' WHERE id = ?', (title, description, pid)) db.commit() return redirect(url_for('project.index')) return render_template('project/edit.html', proj=proj)
def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] db = get_db() error = None user = db.execute('SELECT * FROM user WHERE username = ?', (username, )).fetchone() if user is None: error = 'Incorrect username.' elif not check_password_hash(user['password'], password): error = 'Incorrect password.' if error is None: session.clear() session['user_id'] = user['id'] return redirect(url_for('project.index')) flash(error) return render_template('auth/login.html')
def register(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] db = get_db() error = None if not username: error = 'Username is required.' elif not password: error = 'Password is required.' elif db.execute('SELECT id FROM user WHERE username = ?', (username, )).fetchone() is not None: error = 'User {} is already registered.'.format(username) if error is None: db.execute('INSERT INTO user (username, password) VALUES (?, ?)', (username, generate_password_hash(password))) db.commit() return redirect(url_for('auth.login')) flash(error) return render_template('auth/register.html')