def update_position(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized("Only your own position can you change.", "error")
form = UpdatePositionForm()
if form.validate_on_submit():
if colleague.position != form.position.data:
colleague.position = form.position.data
try:
db.session.commit()
flash(
f"{who} position changed successfully to {form.position.data}.",
"inform")
except:
db.session.rollback()
flash(f"Any error occured. Please try again.", "error")
return redirect(url_for("update_position", id=id))
return redirect(url_for("profile", id=id))
return render_template("update_position.html",
type="Position",
value=colleague.position,
form=form,
colleague=colleague,
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def update_email(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized("Only your own email can you change.", "error")
form = UpdateEmailForm()
if form.validate_on_submit():
if not current_user.check_password(form.password.data):
return unathorized("Invalid password. Please log in again.",
"warning")
if colleague.email != form.email.data:
# save confirmation code to the database and send email confirmation code to the new email:
if not set_confirmation_code(colleague, form.email.data):
redirect(url_for("login"))
return redirect(url_for("confirm_email"))
return redirect(url_for("profile", id=id))
return render_template("update_email.html",
type="Email",
value=colleague.email,
placeholder=get_placeholder(colleague, current_user,
form),
form=form,
colleague=colleague,
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def update_first_name(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized("Only your own name can you change.", "error")
form = UpdateFirstNameForm()
if form.validate_on_submit():
if colleague.first_name != form.first_name.data:
colleague.first_name = form.first_name.data
try:
db.session.commit()
flash(
f"{who} Firs Name changed successfully to {colleague.first_name}.",
"inform")
except:
flash(f"Any error occured. Please try again.", "error")
db.session.rollback()
return redirect(url_for("profile", id=id))
return render_template("update_first_name.html",
type="First Name",
value=colleague.first_name,
form=form,
colleague=colleague,
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def delete_colleague(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized(
"Cannot to delete the registration of someone else.", "error")
form = DeleteColleagueForm()
if form.validate_on_submit():
if not current_user.check_password(form.password.data):
flash("Invalid password. Please log in again.", "warning")
logout_user()
return redirect(url_for("login"))
# check if the colleague has update_privileg:
has_update_privileg = is_auth_privilegs(colleague)
if has_update_privileg:
flash(
f"{colleague.fullname()} an admin with update privilegs.\nPlease remove this privileg before delete the registration.",
"warning")
return redirect(url_for("colleagues"))
remove_avatar_file(colleague)
# delete colleague:
try:
db.session.delete(Colleagues.query.get(id))
db.session.commit()
flash(
f"{colleague.fullname()} successfully deleted from the database.",
"inform")
except:
db.session.rollback()
flash(f"Any error occured. Please try again.", "error")
if who == "Your":
return redirect(url_for("landing_page"))
return redirect(url_for("colleagues"))
return render_template("delete_colleague.html",
form=form,
colleague=colleague,
placeholder=get_placeholder(colleague, current_user,
form),
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def upload_avatar(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized(
"Only to your account can you upload avatar can you upload.",
"error")
form = UpdateAvatarForm()
if form.validate_on_submit():
filename = form.avatar.data.filename
print(dir(form.avatar.data))
print(form.avatar.data)
extension = get_extension(filename)
# delete previous avatar:
old_extension = colleague.avatar
if old_extension:
old_avatar = f"static/avatars/{colleague.id}.{old_extension}"
if os.path.exists(old_avatar):
os.remove(old_avatar)
# update colleague avatar:
colleague.avatar = extension
try:
db.session.commit()
# save new avatar:
form.avatar.data.save(f"static/avatars/{colleague.id}.{extension}")
flash(f"Your profile photo successfully changed.", "inform")
except:
db.session.rollback()
flash(f"Any error occured. Please try again.", "error")
return redirect(url_for("profile", id=id))
return render_template("update_avatar.html",
type="Avatar",
value="",
enctype="multipart/form-data",
colleague=colleague,
form=form,
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def main():
company = Company.query.get(current_user.company_id)
company_id = company.id
# display existed Idea Boxes:
boxes = db.session.query(Boxes, Admins, Colleagues).filter(
Boxes.admin_id == Admins.id, Colleagues.id == Admins.colleague_id,
Colleagues.company_id == company_id).all()
# replace any HTML elements and entities from the name:
for box in boxes:
# query the last activity from the idea table corresponding to the current box
activity = db.session.query(func.max(
Ideas.create_at)).filter(Ideas.box_id == box.Boxes.id).first()
# query all ideas of the current box:
ideas = Ideas.query.filter(Ideas.box_id == box.Boxes.id).all()
box.Boxes.counter = len(ideas)
# query the last 5 poster's avatars:
posters = []
for poster in ideas[-5:]:
data = {"name": poster.sign, "avatar": "incognito-cut.svg"}
if poster.sign != "incognito":
data["avatar"] = get_avatar(
Colleagues.query.get(poster.colleague_id))
posters.append(data)
box.Boxes.posters = posters
box.Boxes.activity = activity[0]
box.Boxes.name = remove_html(box.Boxes.name)
return render_template(
"main.html",
logo=get_logo(current_user),
change_logo=is_auth_company(
current_user
), # to add click event to change logo for authorized admin
update_box=is_auth_box(
current_user), # to add edit icon to authorized admin
boxes=boxes,
nav=get_nav(current_user))
def profile(id):
colleague = Colleagues.query.get(id)
if current_user.id != id:
# authenticate admin:
if not is_auth_colleague(current_user, colleague):
return unathorized(
"You cannot to view the profile of someone else.", "error")
# admin authorized, view colleague's record:
who = "Colleague"
else:
# colleague view itself:
colleague = current_user
who = "Your"
return render_template("profile.html",
avatar=get_avatar(colleague),
colleague=colleague,
nav=get_nav(current_user))
def update_password(id):
colleague, who, authorized = update_authorization(current_user, id)
if not authorized:
return unathorized("Only your own password can you change.", "error")
form = UpdatePasswordForm()
if form.validate_on_submit():
if not current_user.check_password(form.password.data):
flash("Invalid password. Please log in again.", "warning")
logout_user()
return redirect(url_for("login"))
if form.password.data != form.new_password.data:
if form.new_password.data == form.repeat_new_password.data:
try:
colleague.set_password(form.new_password.data)
db.session.commit()
flash(f"{who} password changed successfully.", "inform")
except:
db.session.rollback()
flash(f"Any error occured. Please try again.", "error")
else:
flash(
f"{who} repeat password does not match. Please try again.",
"warning")
return redirect(url_for("profile", id=id))
return render_template("update_password.html",
type="Password",
value="********",
form=form,
colleague=colleague,
placeholder=get_placeholder(colleague, current_user,
form),
avatar=get_avatar(colleague),
nav=get_nav(current_user))
def idea_box(id):
# have to check if the current user belong to the same company with the idea box:
idea_box = get_idea_box(id, current_user)
# log out unathorized user:
if not idea_box:
return unathorized("You cannot to view this Idea Box.", "error")
# authorized admin with box privileg:
if is_auth_box(current_user):
current_user.is_admin = True
# set is_open property to the Boxes; If the closing time already due then cannot to share new idea
idea_box.Boxes.is_open = is_open(idea_box.Boxes.close_at)
# query all ideas for the choosen box:
ideas = Ideas.query.filter(Ideas.box_id == id).all()
for idea in ideas:
# update ideas with the poster avatar extension:
colleague = Colleagues.query.get(idea.colleague_id)
idea.avatar = get_avatar(colleague)
# change sign code to the corresponded value:
idea.position = colleague.position
return render_template(
"idea_box.html",
update_box=is_auth_box(
current_user), # to add edit icon to authorized admin
box=idea_box.Boxes,
ideas=ideas,
change_logo=is_auth_company(
current_user
), # to add click event to change logo for authorized admin
logo=get_logo(current_user),
nav=get_nav(current_user))
def create_idea(box_id, idea_id):
# if id == 0 create new idea, otherwise update existed idea by id
# authenticate user:
idea_box = get_idea_box(box_id, current_user)
# log out unathorized user:
# if idea_box empty then current user belong to different company
# if idea box already closed the user modified the url field
if not idea_box or not is_open(idea_box.Boxes.close_at):
return unathorized("You cannot to edit this Idea.", "error")
current_idea = Ideas.query.get(idea_id)
colleague = current_user
current_user.is_admin = False
if idea_id > 0 and current_idea.colleague_id != current_user.id:
# this idea belong to different colleague than the current user, check updata_box privileg:
if not is_auth_box(current_user):
return unathorized("You don't hane privileg to edit this Idea.",
"error")
else:
# current user is an admin with privileg to edit/delete boxes and ideas:
current_user.is_admin = True
colleague = Colleagues.query.get(current_idea.colleague_id)
form = CreateIdeaForm()
# change sign-input's labels to the name of current user (name must be hidden for Admins!):
form.sign.choices = [
("incognito", "incognito"),
(current_user.user_name, current_user.user_name),
(current_user.first_name, current_user.first_name),
(current_user.fullname(), current_user.fullname())
] if not current_user.is_admin else [(current_idea.sign,
current_idea.sign)]
if form.validate_on_submit():
print("submitted")
success = ""
error = ""
if idea_id == 0:
# instantiate new Idea:
idea = Ideas(idea=form.idea.data,
sign=form.sign.data,
box_id=box_id,
colleague_id=current_user.id)
db.session.add(idea)
success = "Thank you for sharing your Idea."
error = "Any error occured when post your Idea. Please try again."
else:
# edit existed idea:
error = "Any error occured when edited your Idea. Please try again."
if current_idea.idea != form.idea.data:
current_idea.idea = form.idea.data
success += "Your idea successfully edited.\n"
if current_idea.sign != form.sign.data:
current_idea.sign = form.sign.data
success += f"Your sign changed to {current_idea.sign}.\n"
try:
db.session.commit()
flash(success, "inform")
return redirect(url_for("idea_box", id=box_id))
except:
db.session.rollback()
flash(error, "error")
return redirect(
url_for("create_idea", box_id=box_id, idea_id=idea_id))
if idea_id > 0:
# edit mode:
form.submit.label.text = "Edit my Idea" if not current_user.is_admin else f"Edit {colleague.first_name}'s Idea"
form.idea.data = current_idea.idea
form.sign.data = current_idea.sign
else:
form.sign.data = current_user.first_name # set first name by default checked
return render_template(
"create_idea.html",
update_box=is_auth_box(
current_user), # to add edit icon to authorized admin
box=idea_box.Boxes,
avatar="incognito-cut.svg"
if form.sign.data == "incognito" else get_avatar(colleague),
form=form,
colleague=colleague,
change_logo=is_auth_company(
current_user
), # to add click event to change logo for authorized admin
logo=get_logo(current_user),
nav=get_nav(current_user))
def update_privilegs(id):
colleague = Colleagues.query.get(id)
# authenticate colleague:
if not is_auth_privilegs(current_user, colleague):
return unathorized("You are not authorized to modify privilegs.",
"error")
form = UpdatePrivilegsForm()
admin_privilegs = get_admin(colleague)
if form.validate_on_submit():
if not current_user.check_password(form.password.data):
flash("Invalid password. Please log in again.", "warning")
logout_user()
return redirect(url_for("login"))
admin = Admins.query.filter(
Admins.colleague_id == colleague.id).first()
success = ""
error = ""
if not admin:
# add new admin:
admin = Admins(update_company=form.update_company.data,
update_privilegs=form.update_privilegs.data,
update_colleague=form.update_colleague.data,
update_box=form.update_box.data,
colleague_id=colleague.id)
db.session.add(admin)
success += f"{colleague.fullname()} added successfully to the Admin Team.\n "
error += f"Any error occured. Please try again.\n "
else:
# update privilegs:
if admin_privilegs.update_company != form.update_company.data:
admin.update_company = form.update_company.data
success += f"{colleague.fullname()} 'Update Company' privileg successfully changed to {form.update_company.data}.\n "
error += f"Any error occured. Please try again.\n "
if admin_privilegs.update_privilegs != form.update_privilegs.data:
# get all admins of company with update_company privileg:
privileg_admins = db.session.query(Colleagues, Admins).filter(
Colleagues.id == Admins.colleague_id,
Colleagues.company_id == current_user.company_id,
Admins.update_privilegs == True).all()
# check if the colleague is the last admin with update_privileg:
if len(privileg_admins) < 2:
# refuse the deletion of last privileg admin:
flash(
f"Deletion refused because You are the last admin with update_privileg.",
"warning")
return redirect(url_for("privilegs"))
admin.update_privilegs = form.update_privilegs.data
success = f"{colleague.fullname()} 'Update Privilegs' privileg successfully changed to {form.update_privilegs.data}.\n "
error = f"Any error occured. Please try again.\n "
if admin_privilegs.update_colleague != form.update_colleague.data:
admin.update_colleague = form.update_colleague.data
success += f"{colleague.fullname()} 'Update Colleague' privileg successfully changed to {form.update_colleague.data}.\n "
error += f"Any error occured. Please try again.\n "
if admin_privilegs.update_box != form.update_box.data:
admin.update_box = form.update_box.data
success += f"{colleague.fullname()} 'Update Idea Box' privileg successfully changed to {form.update_box.data}.\n "
error += f"Any error occured. Please try again.\n "
try:
db.session.commit()
flash(success, "inform")
except:
db.session.rollback()
flash(error, "error")
# delete admin from the table if there is no privilegs:
admin = Admins.query.filter(
Admins.colleague_id == colleague.id).first()
is_any_privileg = admin.update_company or admin.update_privilegs or admin.update_colleague or admin.update_box
if not is_any_privileg:
# delete admin:
try:
db.session.delete(admin)
db.session.commit()
flash(
f"{colleague.fullname()} successfully deleted from the Admin team.",
"inform")
except:
db.session.rollback()
flash(
f"Any error occured by deleting {colleague.fullname()} from the Adnin team. Please try again.",
"error")
return redirect(url_for("privilegs"))
return render_template("update_privilegs.html",
form=form,
colleague=colleague,
admin=admin_privilegs,
avatar=get_avatar(colleague),
nav=get_nav(current_user))
