# The auth.user below forces login. @action('index') @action.uses(auth.user, url_signer, session, db, 'index.html') def index(): return dict( # This is an example of a signed URL for the callback. # See the index.html template for how this is passed to the javascript. posts_url=URL('posts', signer=url_signer), delete_url=URL('delete_post', signer=url_signer), user_email=auth.current_user.get('email'), author_name=auth.current_user.get('first_name') + " " + auth.current_user.get('last_name')) @action('posts', method="GET") @action.uses(db, auth.user, session, url_signer.verify()) def get_posts(): # You can use this shortcut for testing at the very beginning. # TODO: complete. posts = [] # Just to keep code from breaking. posts = db(db.post).select(db.post.ALL, orderby=~db.post.post_date).as_list() posts_ = [] for p in posts: # print(p) if p["is_reply"] == None: posts_.append(p) q = p["id"] for p in posts: if (p["is_reply"] == q):
@action.uses(db) def get_recipe_ingredients(recipe_id): """ Returns a list of all the ingredients for a recipe and their quantities. """ rows = db((db.recipe_ingredients.recipe == recipe_id) & (db.recipe_ingredients.ingredient == db.ingredients.id)).select( db.recipe_ingredients.id, db.ingredients.name, db.recipe_ingredients.quantity).as_list() return dict(rows=rows) @action('set_recipe_ingredient', method=["POST"]) @action.uses(url_signer.verify(), db) def set_recipe_ingredient(): """ Sets a recipe-ingredient's recipe, ingredient and quantity, for one of a user's existing recipes. Can only be used by the creator of the recipe. Reuses existing ingredient rows if they are in the database to avoid ingredient duplication. """ recipe_id = request.json.get('recipe_id') recipe_ingredient_id = request.json.get('recipe_ingredient_id') ingredient_name = request.json.get('ingredient_name') quantity = request.json.get('quantity') if get_user_email() != db.recipes[recipe_id].m_email: return "Access denied"
], record=dict(first_name=row[0].get('first_name'), last_name=row[0].get('last_name')), deletable=False, csrf_session=session, formstyle=FormStyleBulma) if form.accepted: db.person.update_or_insert(((db.person.id == person_id)), first_name=form.vars.get('first_name'), last_name=form.vars.get('last_name')) redirect(URL('index')) return dict(form=form) @action('delete_contact/<person_id>', method='GET') @action.uses('index.html', session, db, url_signer.verify()) def delete_contact(person_id=None): p = db.person[person_id] if p is None: redirect(URL('index')) # else delete person if has access if (p.user_email == auth.current_user.get('email')): db(db.person.id == person_id).delete() redirect(URL('index')) # after pressing Edit button in index - table with phone numbers @action('edit_phones/<person_id>', method='GET') @action.uses(db, session, auth.user, 'phone.html') def edit_phones(person_id=None): p = db.person[person_id]
communicative=db.profiles.communicative.default, ) profile_info = db(db.profiles.user == user_info.id).select().first() return dict( user_info=user_info, profile_info=profile_info, change_profile_url=URL('change_profile', signer=url_signer), add_game_url=URL('add_game', signer=url_signer), load_games_url=URL('load_games', signer=url_signer), ) @action('change_profile', method="POST") @action.uses(auth.user, url_signer.verify(), db) def change_profile(): print("changing the profile apparently") user_info = db(db.auth_user.email == get_user_email()).select().first() profile_info = db(db.profiles.user == user_info.id).select().first() auth_user_id = db.auth_user.update_or_insert( db.auth_user.email == get_user_email(), first_name=request.json.get('first_name') if request.json.get('first_name') != "" else user_info.first_name, last_name=request.json.get('last_name') if request.json.get('last_name') != "" else user_info.last_name, ) profile_id = db.profiles.update_or_insert( db.profiles.user == user_info.id, region=request.json.get('region') if request.json.get('region') != "" else profile_info.region,
# No matter that the field did not originally exist in the database. row['phone_numbers'] = s # So at the end, we can return "nice" rows, each one with our nice string. # A row r will have fields r["first_name"], r["last_name"], r["phone_numbers"], ... # You can pass these rows to the view, so you can display the table. # for row in rows: # print(row["first_name"] + row["last_name"]) # print(row["phone_numbers"]) return dict( rows = rows, url_signer=url_signer, ) @action('edit_contact/<contact_id:int>', method=["GET", "POST"]) @action.uses(db, session, auth.user, url_signer.verify(), 'edit_contact.html') def edit(contact_id=None): assert contact_id is not None p = db.contact[contact_id] print('hi edit contact') if p is None: # nothing found to be edited redirect(URL('index')) form = Form(db.contact, record=p, deletable=False, csrf_session=session, formstyle=FormStyleBulma) if form.accepted: redirect(URL('index')) return dict( form = form )
profile_owner = user else: profile_owner = db( db.auth_user.username == profile_username).select().first() assert profile_owner is not None profile = db(db.profile.user_id == profile_owner["id"]).select().first() profile.username = profile_username comments = db(db.comment.user_id == profile_owner["id"]).select() return dict(username=user["username"], profile=profile, comments=comments, signer=url_signer) @action("edit_profile", method=["GET", "POST"]) @action.uses(db, session, auth.user, url_signer.verify(), "profile_form.html") def edit_profile(): user = auth.get_user() db.profile.update_or_insert(user_id=user["id"]) profile = db.profile[user["id"]] form = Form([Field('avatar', type='upload'), Field('bio', type='text')], csrf_session=session, formstyle=FormStyleBulma) if form.accepted: db(db.profile.user_id == user["id"]).validate_and_update( avatar=form.vars['avatar'], bio=form.vars['bio']) redirect(URL('profile')) return dict(profile=profile, form=form)
# and we can simply assign the nice string to a field of the row! # No matter that the field did not originally exist in the database. row["price"] = result return dict(rows=rows, url_signer=url_signer, search_url=URL('search', signer=url_signer), my_callback_url=URL('my_callback', signer=url_signer), add_post_url=URL('add_post', signer=url_signer), delete_post_url=URL('delete_post', signer=url_signer), get_rating_url=URL('get_rating', signer=url_signer), set_rating_url=URL('set_rating', signer=url_signer)) @action('my_callback') @action.uses(url_signer.verify(), db) def my_callback(): rows = db(db.post).select().as_list() return dict(rows=rows, user=get_user_email(), the_reviewer=get_user()) @action('add_post', method="POST") @action.uses(url_signer.verify(), db) def add_post(): # print(request.json.get('author')) id = db.post.insert(content=request.json.get('content'), reviewer=request.json.get('reviewer')) # print(request.json.get('content')) return dict(id=id, author=get_user_name())
@action('index') @action.uses(db, auth, url_signer, 'index.html') def index(): return dict( # COMPLETE: return here any signed URLs you need. # test pycharm connection load_posts_url=URL('load_posts', signer=url_signer), add_post_url=URL('add_post', signer=url_signer), delete_post_url=URL('delete_post', signer=url_signer), ) # first API function: used to answer requests from JS in browser @action('load_posts') @action.uses(db, auth, url_signer.verify()) def load_posts(): rows = db(db.posts).select().as_list() return dict(rows=rows) # second API function: used to answer add_post requests from JS in browser @action('add_post', method="POST") @action.uses(db, url_signer.verify()) def add_post(): row = db(db.auth_user.email == get_user_email()).select().first() name = row.first_name + " " + row.last_name if row is not None else "Unknown" id = db.posts.insert( post_desc=request.json.get('post_desc'),
get_vote_names_url=URL('get_vote_names', signer=url_signer), find_posts_url=URL('find_posts', signer=url_signer), ) @action('view_leaderboard', method="GET") @action.uses(db, auth, url_signer, 'view_leaderboard.html') def view_leaderboard(): user = auth.get_user() or redirect(URL('auth/login')) return dict( load_view_leaderboard=URL('load_view_leaderboard', signer=url_signer)) @action('load_view_leaderboard', method="GET") @action.uses(db, url_signer.verify()) def load_view_leaderboard(): user = auth.get_user() or redirect(URL('auth/login')) newRows = [] #result [{username, avg, rep, profile pic}, ...] checked = [] #history thumbsup = 0 thumbslength = 0 rows = db(db.post).select().as_list() for r in rows: #parse posts dic = {} if r['username'] not in checked: #check if we havent validated already thumbsup = 0 thumbslength = 0 dic['username'] = r['username'] checked.append(r['username']) rows2 = db(db.post.username == r['username']).select().as_list()
"""Note that in the above declaration, the product_id argument must match the <product_id> argument of the @action.""" # We read the product. p = db.product[product_id] if p is None: # Nothing to edit. This should happen only if you tamper manually with the URL. redirect(URL('index')) form = Form(db.product, record=p, deletable=False, csrf_session=session, formstyle=FormStyleBulma) if form.accepted: # We always want POST requests to be redirected as GETs. redirect(URL('index')) return dict(form=form) @action('delete_product/<product_id>', method=['GET', 'POST']) @action.uses(session, db, url_signer.verify()) def delete_product(product_id=None): """Note that in the above declaration, the product_id argument must match the <product_id> argument of the @action.""" # We read the product. p = db.product[product_id] if p is None: # Nothing to edit. This should happen only if you tamper manually with the URL. redirect(URL('index')) db(db.product.id == product_id).delete() redirect(URL('index'))
if p is None: # Nothing to edit. This should happen only if you tamper manually with the URL. redirect(URL('index')) email = auth.current_user.get('email') if db.person[person_id].user_email != email: redirect(URL('index')) form = Form(db.person, record=p, deletable=False, csrf_session=session, formstyle=FormStyleBulma) if form.accepted: # We always want POST requests to be redirected as GETs. redirect(URL('index')) return dict(form=form) @action('delete_person/<person_id>', method=['GET', 'POST']) @action.uses('contact_form.html', session, db, url_signer.verify(), auth.user) # def delete_product(person_id=None): """Note that in the above declaration, the product_id argument must match the <product_id> argument of the @action.""" # We read the product. p = db.person[person_id] if p is None: # Nothing to edit. This should happen only if you tamper manually with the URL. redirect(URL('index')) db(db.person.id == person_id).delete() deleted = db.person[person_id] if deleted is None: redirect(URL('index')) return dict(deleted=deleted)