示例#1
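def tasks():
    """Show the current user's active tasks (GET) or mark one complete (POST).

    GET renders ``tasks.html`` with the user's active tasks.

    POST reads two form fields: ``state``, the anti-CSRF token that must
    match the one kept in the session, and ``complete``, the id of the task
    to mark as done. The answer is JSON: ``{"success": <task id>}`` with
    status 200, or ``{"failed": ...}`` with status 403 when the token is
    missing or wrong, or when the task is unknown or belongs to another user.
    """
    import hmac

    # NOTE(review): the route and login decorators are not visible here;
    # confirm this view is only reachable by an authenticated user.
    if request.method == 'GET':
        active_tasks = current_user.get_active_tasks()
        return render_template('tasks.html', tasks=active_tasks)
    elif request.method == 'POST':

        # Validate the CSRF token. session.get() is used so that a session
        # without a token is answered with 403 instead of a KeyError (500).
        # Missing, empty or non-text tokens are rejected outright, and the
        # comparison is constant-time so its timing does not depend on how
        # many leading characters of the submitted token are correct.
        expected = session.get('state')
        submitted = request.form.get('state')
        token_ok = (
            isinstance(expected, str)
            and isinstance(submitted, str)
            and bool(expected)
            # Compare as bytes: compare_digest() raises TypeError on
            # non-ASCII str, which a client could trigger at will.
            and hmac.compare_digest(submitted.encode('utf-8'),
                                    expected.encode('utf-8'))
        )
        if not token_ok:
            response = jsonify(failed='403 invalid csrf token')
            response.status_code = 403
            return response

        task_id = request.form.get('complete')
        task = Task.query.get(task_id)
        # Ownership check: only the owner may complete a task. An unknown or
        # missing id gets the same 403 as a task owned by someone else, so the
        # response does not reveal which task ids exist, and a bad id no
        # longer crashes on `None.user`.
        if task is None or task.user != current_user.id:
            response = jsonify(failed='403 not authorized')
            response.status_code = 403
            return response

        task.completed_on = current_user.get_local_date()
        # NOTE(review): no commit is issued here; presumably the session is
        # committed elsewhere (e.g. a teardown hook) - confirm.
        db.session.add(task)
        response = jsonify(success=task_id)
        response.status_code = 200
        return response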
示例#2
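def dashboard():
    """Show current user's tasks and projects.

    Stores a freshly generated anti-CSRF token in ``session['state']`` and
    renders ``dashboard.html`` with three values: the user's active tasks,
    a list of ``(project id, name, goal, contributed)`` tuples, and the
    dict form of each of the user's active projects.
    """

    # Issue an anti-CSRF token and keep it in the user's session. It is
    # replaced on every dashboard view, so a form that carries a token from
    # an earlier page load will no longer match the session value.
    # NOTE(review): generate_csrf_token is defined elsewhere; confirm it
    # draws from a cryptographically secure source (e.g. `secrets`).
    session['state'] = generate_csrf_token()

    # Get user's tasks
    tasks = current_user.get_active_tasks()

    # Per-project goals, each extended with the time contributed since the
    # user's local date.
    goals = []
    for project_id, name, goal in current_user.get_project_goals():
        # NOTE(review): Project.query.get() returns None for an unknown id;
        # presumably the ids from get_project_goals() always exist - confirm.
        project = Project.query.get(project_id)
        contributed = project.time_contributed(
            start=current_user.get_local_date())
        goals.append((project_id, name, goal, contributed))

    projects = [project.to_dict() for project in current_user.projects
                if project.active]

    return render_template(
        'dashboard.html', tasks=tasks, goals=goals, projects=projects)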