def input_2():
    """Serve and process the mid-term review form ("中期检查").

    Admins are sent to the admin view and users who have already passed
    stage 2 (post_num > 1) back to input_0. On a valid submit the uploaded
    file is saved under current_user.path, a post_2 record is submitted and
    post_num is advanced to 3; otherwise the form is rendered.
    """
    if current_user.get_admin():
        return redirect(url_for('admin'))
    if current_user.get_post_num() > 1:
        return redirect(url_for('input_0'))

    form = MiddleForm()
    if not form.validate_on_submit():
        return render_template('MiddleForm.html', title='中期检查', form=form)

    # Prefix the sanitised client filename with the form class so files from
    # different stages do not collide inside the per-user directory.
    # NOTE(review): secure_filename() can return '' for names such as "..",
    # which leaves just "MiddleForm-"; an existing file of the same name is
    # silently overwritten.
    stored_name = '{}-{}'.format(form.__class__.__name__,
                                 secure_filename(form.upload.data.filename))
    user_dir = current_user.path
    if not os.path.exists(user_dir):
        os.makedirs(user_dir)
    uploads = os.listdir(user_dir)
    if stored_name not in uploads:
        uploads.append(stored_name)
    form.upload.data.save(user_dir + '/' + stored_name)

    record = {
        'schedule': form.schedule.data,
        'preview': form.preview.data,
        'post': form.post.data,
        'upload': uploads,
    }
    Post(current_user.name, post_2=record).submit()
    current_user.set_post_num(3)
    return redirect(url_for('input_0'))
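def targets_add_one():
    """Create a Target from the submitted form (admin only).

    A submit without a location is refused and the form is re-rendered with
    the validation messages; otherwise the target is stored and the caller
    is redirected to its detail page.
    """
    # Only admins may create targets.
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)

    # TODO (original, translated from Finnish): the link between Target and
    # Location probably still needs sorting out here -- either refuse to create
    # a target while there are no locations at all, or create it without one
    # and handle location-less targets somewhere.
    messages = []
    name = request.form.get("name")
    location = request.form.get("location")
    form = TargetForm(request.form)
    if not location:
        messages.append(msg_target_no_loc)
    if not form.validate() or messages:
        # Fix: the collected messages were built but never passed to the
        # template (targets_modify_one does pass them), so the "no location"
        # message was lost.
        return render_template("targets/new.html",
                               form=form,
                               locations=Location.query.all(),
                               messages=messages)

    # NOTE(review): `location` is the raw form value; it is only checked for
    # presence, not for being the id of an existing Location.
    new_target = Target(name, location)
    db.session().add(new_target)
    db.session().commit()
    return redirect(url_for("targets_get_one", id=new_target.id))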
def input_3():
    """Serve and process the final acceptance form ("成果验收").

    Admins are sent to the admin view and users who have already passed
    stage 3 (post_num > 3) back to input_0. On a valid submit the uploaded
    file is saved under current_user.path, a post_3 record is submitted and
    post_num is advanced to 7; otherwise the form is rendered.
    """
    if current_user.get_admin():
        return redirect(url_for('admin'))
    if current_user.get_post_num() > 3:
        return redirect(url_for('input_0'))

    form = FinalForm()
    if not form.validate_on_submit():
        return render_template('FinalForm.html', title='成果验收', form=form)

    # Prefix the sanitised client filename with the form class so files from
    # different stages do not collide inside the per-user directory.
    # NOTE(review): secure_filename() can return '' for names such as "..",
    # which leaves just "FinalForm-"; an existing file of the same name is
    # silently overwritten.
    stored_name = '{}-{}'.format(form.__class__.__name__,
                                 secure_filename(form.upload.data.filename))
    user_dir = current_user.path
    if not os.path.exists(user_dir):
        os.makedirs(user_dir)
    uploads = os.listdir(user_dir)
    if stored_name not in uploads:
        uploads.append(stored_name)
    form.upload.data.save(user_dir + '/' + stored_name)

    record = {
        'change': form.change.data,
        'achievement': form.achievement.data,
        'post': form.post.data,
        'upload': uploads,
    }
    Post(current_user.name, post_3=record).submit()
    current_user.set_post_num(7)
    return redirect(url_for('input_0'))
def input_1():
    """Serve and process the project application form ("项目申请").

    Admins are sent to the admin view and users who have already submitted
    stage 1 (post_num > 0) back to input_0. On a valid submit the uploaded
    file is saved under current_user.path, a post_1 record is submitted and
    post_num is set to 1; otherwise the form is rendered.
    """
    if current_user.get_admin():
        return redirect(url_for('admin'))
    if current_user.get_post_num() > 0:
        return redirect(url_for('input_0'))

    form = BeginForm()
    if not form.validate_on_submit():
        return render_template('BeginForm.html', title='项目申请', form=form)

    # Prefix the sanitised client filename with the form class so files from
    # different stages do not collide inside the per-user directory.
    # NOTE(review): secure_filename() can return '' for names such as "..",
    # which leaves just "BeginForm-"; an existing file of the same name is
    # silently overwritten.
    stored_name = '{}-{}'.format(form.__class__.__name__,
                                 secure_filename(form.upload.data.filename))
    user_dir = current_user.path
    if not os.path.exists(user_dir):
        os.makedirs(user_dir)
    uploads = os.listdir(user_dir)
    if stored_name not in uploads:
        uploads.append(stored_name)
    form.upload.data.save(user_dir + '/' + stored_name)

    record = {
        'project': form.project.data,
        'person': form.person.data,
        'money': form.money.data,
        'post': form.post.data,
        'upload': uploads,
    }
    Post(current_user.name, post_1=record).submit()
    current_user.set_post_num(1)
    return redirect(url_for('input_0'))
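def get(self):
    """Return the product catalogue as JSON.

    Admins get every product with all columns; everyone else only gets
    products whose status is "active", without the selling-price and stock
    fields.

    Returns:
        A Flask JSON response of the form {"data": [product, ...]}.
    """
    try:
        admin = current_user.get_admin()
    except Exception:  # anonymous user has no get_admin(); treat as non-admin
        admin = 'n'

    # Fix: the sqlite connection was never closed; release it as soon as the
    # rows are fetched, including on error.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM products ")
        products = c.fetchall()
    finally:
        conn.close()

    # Positional columns as used below (presumably: 1 name, 2 image,
    # 3 description, 4 selling price, 5 cost price, 6 category, 7 status,
    # 8 stock) -- SELECT * makes this fragile if the table changes.
    if admin == 'y':
        product_list = [
            {
                "productName": product[1],
                "productImage": product[2],
                "productDescription": product[3],
                "productSellingPrice": product[4],
                "productCostPrice": product[5],
                "productCategory": product[6],
                "status": product[7],
                "productStock": product[8],
            }
            for product in products
        ]
    else:
        # NOTE(review): the public view exposes productCostPrice (index 5) but
        # omits productSellingPrice (index 4); confirm this is intended and
        # not the two columns swapped.
        product_list = [
            {
                "productName": product[1],
                "productImage": product[2],
                "productDescription": product[3],
                "productCostPrice": product[5],
                "productCategory": product[6],
                "status": product[7],
            }
            for product in products
            if product[7] == "active"
        ]
    return jsonify(data=product_list)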
def targets_modify_one(id):
    """Update the name and location of Target `id` (admin only).

    Re-renders the edit form with messages when validation fails or no
    location was submitted; otherwise commits and redirects to the target.
    """
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)

    form = TargetForm(request.form)
    problems = []
    if not request.form.get("location"):
        problems.append(msg_target_no_loc)
    if not form.validate() or problems:
        return render_template("targets/edit.html",
                               target=Target.query.get(id),
                               locations=Location.query.all(),
                               form=form,
                               messages=problems)

    # NOTE(review): Target.query.get(id) is None for an unknown id and the
    # attribute writes below then raise; the raw form "location" value is
    # stored as location_id without checking it names an existing Location.
    target = Target.query.get(id)
    target.name = request.form.get("name")
    target.location_id = request.form.get("location")
    db.session().commit()
    return redirect(url_for("targets_get_one", id=target.id))
def locations_delete_one(id):
    """Delete Location `id` (admin only) and return to the location list.

    A non-existent id is a no-op delete followed by the same redirect.
    """
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    # NOTE(review): targets store location_id; nothing here checks for or
    # cleans up targets still pointing at the deleted location.
    Location.query.filter_by(id=id).delete()
    db.session().commit()
    return redirect(url_for("locations_get_all"))
def executors_edit(id):
    """Render the edit form for Executor `id`, pre-filled from the record (admin only)."""
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    record = Executor.query.get(id)
    # Kept from the original: a commit although nothing was changed.
    db.session().commit()
    # NOTE(review): an unknown id gives record=None, which the template then
    # has to cope with.
    return render_template("executors/edit.html",
                           executor=record,
                           form=ExecutorForm(obj=record))
def actions_delete_one(id):
    """Delete Action `id` (admin only) and return to the action list."""
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    # NOTE(review): .first() is None for an unknown id and session.delete(None)
    # then raises; there is no not-found handling.
    doomed = Action.query.filter_by(id=id).first()
    session = db.session()
    session.delete(doomed)
    session.commit()
    return redirect(url_for('actions_get_all'))
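def post():
    """Mark the user named in the form as passed (admin only).

    Non-admins are redirected to the index. On a valid form the user is
    looked up by name, their 'pass' flag set to True and saved, and the
    caller is redirected to that user's profile. An invalid form or an
    unknown username yields 404.
    """
    if not current_user.get_admin():
        return redirect(url_for('index'))
    form = ProfileForm()
    if not form.validate_on_submit():
        return abort(404)

    users = mongo.db.users
    user = users.find_one({'name': form.username.data})
    if user is None:
        # Fix: an unknown username used to raise TypeError (500) on the
        # subscript below.
        return abort(404)
    user['pass'] = True
    # NOTE(review): Collection.save() is deprecated in pymongo>=3 (removed in
    # 4); replace_one()/update_one() is the replacement.
    users.save(user)
    return redirect(url_for('profile', username=form.username.data))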
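def admin():
    """Promote the current user to admin when the submitted PIN matches ADMIN_PIN.

    Users who are already admin are redirected home. On a valid submit the
    PIN is compared with ADMIN_PIN: a match flags the user as admin and
    redirects to the index, a mismatch flashes "PIN incorrect" and the form
    is shown again.
    """
    import hmac  # constant-time comparison for the shared secret

    if current_user.get_admin():
        return redirect(url_for("index", title="Home"))

    form = AdminForm()
    if form.validate_on_submit():
        submitted = form.pin.data
        if isinstance(ADMIN_PIN, str) and isinstance(submitted, str):
            # Fix: `==` stops at the first differing character, so response
            # timing leaks how long a matching prefix is. compare_digest runs
            # in constant time; compare as bytes so non-ASCII input cannot
            # raise TypeError.
            pin_ok = hmac.compare_digest(ADMIN_PIN.encode("utf-8"),
                                         submitted.encode("utf-8"))
        else:
            # Non-string PIN (e.g. an IntegerField): keep the original test.
            pin_ok = ADMIN_PIN == submitted
        if pin_ok:
            current_user.set_admin(True)
            flash("Congratulations you are now an admin", "success")
            return redirect(url_for("index"))
        flash("PIN incorrect", "errors")

    # NOTE(review): there is no attempt limit or lockout on this endpoint, so
    # a short PIN can be brute-forced online, and any user who learns the one
    # shared PIN becomes admin permanently. Rate limiting belongs in front of
    # this route and the PIN should be rotated after use.
    return render_template("admin.html", form=form, title="Admin")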
def delete_poll(id):
    """Delete poll `id` when the current user owns it or is an admin.

    Always redirects to the index; a missing poll only flashes a message.
    """
    viewer_id = int(current_user.id)
    is_admin = current_user.get_admin()
    poll = Poll.query.filter_by(id=id).first()
    if not poll:
        flash("Poll to delete not found")
        return redirect(url_for("index", title="Home"))

    # Ownership check: admins may delete any poll, others only their own.
    if is_admin or viewer_id == int(poll.user_id):
        poll.delete()
        flash("Poll deleted forever", category="info")
    # NOTE(review): an unauthorised attempt is redirected silently, with no
    # flash and no log entry.
    return redirect(url_for("index", title="Home"))
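def add_voucher():
    """Render the "add voucher" admin page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use, so the pages are not announced to non-admins).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)
    return render_template("admin/Vouchers/Add_Voucher.html", title="Add Voucher")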
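def show_product():
    """Render the product overview admin page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)
    return render_template("admin/Products/Show_Product.html", title="Products")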
def delete_user(id):
    """Delete user `id`; allowed for admins and for a user deleting themselves.

    Redirects to the index in every case.
    """
    is_admin = current_user.get_admin()
    target_id = int(id)
    is_self = target_id == int(current_user.id)
    if not (is_admin or is_self):
        return redirect(url_for("index", title="Home"))

    # NOTE(review): an unknown id makes .first() return None and the attribute
    # access below raise; a user deleting their own account is not logged out
    # here, so their session object outlives the row.
    victim = User.query.filter_by(id=target_id).first()
    username = victim.username
    victim.delete()
    flash("User " + username + " is gone forever!", category="info")
    return redirect(url_for("index", title="Home"))
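def admin():
    """Render the admin dashboard.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)
    # NOTE(review): the raw Cookie header -- which carries the session cookie --
    # is handed to the template. If it is rendered into the page, the session
    # token becomes readable by anything that can read the HTML (XSS, caches,
    # screen sharing). Confirm the template really needs it; a request without
    # a Cookie header also raises KeyError here.
    return render_template("admin/Admin.html", title="Dashboard", cookie=request.headers['cookie'])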
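def put(self):
    """Set a product's status to "active" or "inactive" (admin only).

    Expects a JSON object {"product_name": str, "product_status": str}.
    Responds 400 for a malformed body, an unknown product or a bad status,
    401 for anyone who is not an admin (the attempt is logged), and
    {"data": "Success"} after the update.
    """
    try:
        admin = current_user.get_admin()
        has_account = True
    except Exception:  # anonymous user: no get_admin()
        admin = 'n'
        has_account = False

    if admin != "y":
        # logging
        log_type = "Unauthorized Access"
        if has_account:
            log_details = f"A user with the username {current_user.get_username()} tried to change status of a product."
        else:
            log_details = "An unknown user tried to change status of a product."
        Logging(log_type, log_details)
        # NOTE(review): 401 is returned even for an authenticated non-admin,
        # where 403 is the conventional status.
        response = jsonify(
            data="You do not have authorized access to perform this action."
        )
        response.status_code = 401
        return response

    # Fix: a non-object body or missing/non-string fields used to raise
    # (500); reject them as a client error instead.
    body = request.get_json(force=True)
    if (not isinstance(body, dict)
            or not isinstance(body.get('product_name'), str)
            or not isinstance(body.get('product_status'), str)):
        response = jsonify("Invalid request body, expected product_name and product_status.")
        response.status_code = 400
        return response
    product_name = body['product_name']
    product_status = body['product_status'].lower()

    # Fix: the connection was never closed; release it on every path.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # validate product name, check if it is in database
        c.execute("SELECT * FROM products WHERE name = ?", (product_name, ))
        if not c.fetchone():
            # The client-supplied name is echoed back; jsonify encodes it.
            response = jsonify(
                f"Invalid product name, product name {product_name} not found."
            )
            response.status_code = 400
            return response
        # validate product status
        if product_status not in ["inactive", "active"]:
            response = jsonify("Invalid product status")
            response.status_code = 400
            return response
        c.execute("UPDATE products SET status = ? WHERE name = ?",
                  (product_status, product_name))
        conn.commit()
    finally:
        conn.close()
    return jsonify(data="Success")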
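def put(self):
    """Set a voucher's status to "active" or "inactive" (admin only).

    Expects a JSON object {"voucher_name": str, "voucher_status": str}.
    Responds 400 for a malformed body, an unknown title or a bad status,
    401 for anyone who is not an admin (the attempt is logged), and a
    success message after the update.
    """
    try:
        identity = current_user.get_username()
        admin = current_user.get_admin()
        has_account = True
    except Exception:  # anonymous user: no get_username()/get_admin()
        identity = None
        admin = 'n'
        has_account = False

    if admin != "y":
        # logging
        log_type = "Unauthorized Access"
        if has_account:
            log_details = f"A user with the username {identity} tried to change status of voucher."
        else:
            log_details = "An unknown user tried to change status of a voucher."
        Logging(log_type, log_details)
        # NOTE(review): 401 is returned even for an authenticated non-admin,
        # where 403 is the conventional status.
        response = jsonify(data="Unauthorized access")
        response.status_code = 401
        return response

    # Fix: a non-object body or missing/non-string fields used to raise
    # (500); reject them as a client error instead.
    body = request.get_json(force=True)
    if (not isinstance(body, dict)
            or not isinstance(body.get('voucher_name'), str)
            or not isinstance(body.get('voucher_status'), str)):
        response = jsonify(data="Invalid request body, expected voucher_name and voucher_status.")
        response.status_code = 400
        return response
    voucher_name = body['voucher_name']
    voucher_status = body['voucher_status'].lower()

    # Fix: the connection was never closed; release it on every path.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # validate voucher_name
        c.execute("SELECT * FROM vouchers WHERE title=?", (voucher_name, ))
        if not c.fetchone():
            response = jsonify(data="No such Voucher Title.")
            response.status_code = 400
            return response
        # validate voucher_status
        if voucher_status not in ["active", "inactive"]:
            response = jsonify(data="Invalid voucher status.")
            response.status_code = 400
            return response
        # Parameterised query -- prevents SQL injection.
        # NOTE(review): title is not unique (vouchers are inserted with any
        # title), so this updates every voucher sharing the title.
        c.execute("UPDATE vouchers SET status = ? WHERE title = ?", (
            voucher_status,
            voucher_name,
        ))
        conn.commit()
    finally:
        conn.close()
    return jsonify(data="Success. Voucher Status Updated.")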
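def executors_delete_one(id):
    """Delete Executor `id` (admin only), refusing to delete admin users.

    Returns the index page with a message when the target is an admin,
    otherwise deletes the record and redirects to the executor list.
    """
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)

    # Deleting ADMIN users is blocked entirely for now (original comment,
    # translated from Finnish).
    # NOTE(review): an unknown id gives None here and `.admin` then raises;
    # there is no not-found handling.
    user = Executor.query.get(id)
    if user.admin:
        db.session().commit()  # kept from the original; nothing was changed
        return render_template(
            "index.html",
            msg="Admin käyttäjien poistaminen ei ole mahdollista!")

    # Fix: the record was fetched a second time via filter_by(id=id).first();
    # the object already in hand is the same row.
    db.session().delete(user)
    db.session().commit()
    return redirect(url_for("executors_get_all"))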
def locations_add_one():
    """Create a Location from the submitted form (admin only).

    Re-renders the form on validation failure; otherwise stores the
    location and renders its detail page.
    """
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    form = LocationForm(request.form)
    if not form.validate():
        return render_template("locations/new.html", form=form)
    location = Location(request.form.get("name"))
    session = db.session()
    session.add(location)
    session.commit()
    # Renders the detail page directly instead of redirecting, so a browser
    # refresh re-submits the POST.
    return render_template("locations/location.html", location=location)
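def add_product():
    """Render the "add product" admin page with the fixed category choices.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)
    category_list = ['barbell', 'bench', 'racks', 'plates']
    # NOTE(review): the raw Cookie header (session cookie included) is handed
    # to the template; rendering it exposes the session token to anything that
    # can read the page. Confirm the template needs it. A request without a
    # Cookie header raises KeyError here.
    return render_template("admin/Products/Add_Product.html",
                           title="Add Product",
                           category_list=category_list,
                           cookie=request.headers['cookie'])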
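def activities_logs():
    """Render every row of the logs table on the admin activity-log page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)

    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute("Select * from logs")
        queries = c.fetchall()
    finally:
        conn.close()  # Fix: previously leaked if the query raised
    return render_template("admin/Logging/activities_logs.html",
                           title='Activities Logs',
                           data=queries)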
def locations_modify_one(id):
    """Rename Location `id` from the submitted form (admin only).

    Re-renders the edit form on validation failure; otherwise commits the
    new name and redirects to the location.
    """
    if not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    form = LocationForm(request.form)
    if not form.validate():
        return render_template("locations/edit.html",
                               form=form,
                               location=Location.query.get(id))
    # NOTE(review): Location.query.get(id) is None for an unknown id and the
    # assignment below then raises.
    location = Location.query.get(id)
    location.name = request.form.get("name")
    db.session().commit()
    return redirect(url_for('locations_get_one', id=id))
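def profile(username):
    """Render a user's submitted posts for admin review.

    Non-admins are redirected to the index. An unknown username, or a user
    who has not submitted anything yet (post_num < 1), yields 404. A user
    record without a 'pass' flag is initialised to pass=False and saved.
    """
    if not current_user.get_admin():
        return redirect(url_for('index'))
    form = ProfileForm()
    users = mongo.db.users
    user = users.find_one({'name': username})
    # Fix: the None check came after user.keys(), so an unknown username
    # raised AttributeError (500) instead of returning 404.
    if not user or user['post_num'] < 1:
        abort(404)
    if 'pass' not in user:
        # Fix: the default was written under the key 'passed', so the
        # user['pass'] read below raised KeyError on the first visit. The
        # admin post() handler sets the flag under 'pass'.
        user['pass'] = False
        users.save(user)  # NOTE(review): deprecated in pymongo>=3; use replace_one()
    post = user['pass']
    return render_template('Profile.html',
                           forms=user['posts'],
                           form=form,
                           post=post,
                           username=username,
                           admin=False)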
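def technical_logs():
    """Render the project's recent Sentry issues on the admin technical-log page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use). The Sentry API token is read from the
    SENTRY_API_TOKEN environment variable.
    """
    import os  # local import so this block is self-contained

    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)

    # Fix: a Sentry API bearer token was hard-coded in this function. A secret
    # in source ships with every clone, backup and log of the repository; the
    # token that was here must be treated as disclosed and revoked in Sentry.
    # It is now read from the environment and a missing value fails closed.
    token = os.environ.get("SENTRY_API_TOKEN")
    if not token:
        abort(500)
    url = "https://sentry.io/api/0/projects/indirect-bi/indirect-bi/issues/"
    header = {"Authorization": f"Bearer {token}"}
    # timeout: without one a stalled upstream holds this worker indefinitely.
    my_response = requests.get(url, headers=header, timeout=10)
    data = my_response.json()
    return render_template("admin/Logging/technical_log.html",
                           title="Technical Logs",
                           data=data)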
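def post(self, user_id):
    """Create a voucher for user `user_id` with a fresh random code (admin only).

    Expects a JSON object with "title", "description" and "amount". A code
    is drawn until one not already in the vouchers table is found. Responds
    400 for a malformed body, 401 for anyone who is not an admin (the
    attempt is logged), and a confirmation message on success.
    """
    try:
        admin = current_user.get_admin()
        has_account = True
    except Exception:  # anonymous user: no get_admin()
        admin = 'n'
        has_account = False

    if admin != 'y':
        # logging
        log_type = "Unauthorized Access"
        # Fix: both messages were copy-pasted from the product handler and
        # described the wrong action.
        if has_account:
            log_details = f"A user with the username {current_user.get_username()} tried to add a new voucher."
        else:
            log_details = "An unknown user tried to add a new voucher."
        Logging(log_type, log_details)
        # NOTE(review): 401 is returned even for an authenticated non-admin,
        # where 403 is the conventional status.
        response = jsonify(data="You do not have authorized access to perform this action.")
        response.status_code = 401
        return response

    # Fix: a non-object body or a missing key used to raise (500).
    body = request.get_json(force=True)
    if not isinstance(body, dict) or not all(k in body for k in ("title", "description", "amount")):
        response = jsonify(data="Invalid request body, expected title, description and amount.")
        response.status_code = 400
        return response
    voucher_title = body["title"]
    voucher_description = body["description"]
    voucher_amount = body["amount"]  # NOTE(review): not validated as a number
    voucher_image = ""
    # NOTE(review): new vouchers start as "unused", but the status-update
    # endpoint only accepts "active"/"inactive"; confirm the intended state set.
    voucher_status = "unused"
    used_date = ""
    # NOTE(review): user_id comes from the URL and is stored without checking
    # that such a user exists.

    # Fix: the connection was only closed on the success path.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # Draw codes until one is not yet in the database. The code is a
        # bearer credential for the voucher, so the generator must be a CSPRNG
        # (secrets) -- confirm get_random_alphanumeric_string does not use random.
        while True:
            voucher_code = get_random_alphanumeric_string(8)
            c.execute("SELECT * FROM vouchers WHERE code=?", (voucher_code,))
            if not c.fetchone():
                break
        c.execute("INSERT INTO vouchers VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                  (voucher_title, voucher_code, voucher_description, voucher_image,
                   voucher_amount, voucher_status, used_date, user_id))
        conn.commit()
    finally:
        conn.close()
    return jsonify(data="Voucher created with user id of {}".format(user_id))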
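def manage_user():
    """Render every row of the users table on the admin user-management page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)

    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # NOTE(review): SELECT * hands every column to the template; if that
        # includes password hashes or other secrets, select only what the
        # page displays.
        c.execute("SELECT * FROM users")
        users = c.fetchall()
    finally:
        conn.close()  # Fix: previously leaked if the query raised
    return render_template("admin/Manage_Users/manage_user.html",
                           title="users",
                           users=users)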
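def Queries():
    """Render every row of the query table (with rowid) on the admin queries page.

    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)

    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute("SELECT rowid, * FROM query")
        query = c.fetchall()
    finally:
        conn.close()  # Fix: previously leaked if the query raised
    return render_template("admin/Query/Queries.html", title="query", query=query)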
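def add_user_voucher():
    """Render the "assign voucher to user" admin page.

    Lists the non-admin users (excluding user_id 0) as assignment targets.
    Anyone who is not an admin gets 404 (the same response the other admin
    routes in this code use).
    """
    try:
        is_admin = current_user.get_admin() == 'y'
    except Exception:
        # Fix: the bare `except:` also swallowed SystemExit/KeyboardInterrupt;
        # an anonymous user without get_admin() is simply not an admin.
        is_admin = False
    if not is_admin:
        abort(404)

    # Fix: the connection was never closed.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute(
            "SELECT username, user_id FROM users WHERE admin <> 'y' and user_id <> 0"
        )
        users = c.fetchall()
    finally:
        conn.close()
    return render_template("admin/Vouchers/Add_User_Voucher.html",
                           title="Add User Voucher",
                           users=users)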
def executors_add_one():
    """Create an Executor (user account) from the submitted form.

    Access rules, unchanged from the original:
      * a logged-in admin may always create users;
      * a logged-in non-admin may not;
      * an anonymous visitor may only do so while the table is empty
        (initial bootstrap) -- that first account is made admin.
    A duplicate name re-renders the form with a message, as does a form
    that fails validation.
    """
    # (original comment, translated: "clean this up?")
    logged_in = current_user.is_authenticated
    if logged_in and not current_user.get_admin():
        return render_template("index.html", msg=msg_only_admin)
    user_count = db.session.query(Executor).count()
    if user_count != 0 and not logged_in:
        return render_template("index.html", msg=msg_only_admin)

    pword = request.form.get("pword")
    name = request.form.get("name")
    if Executor.query.filter_by(name=name).first():
        return render_template("executors/new.html",
                               msg="Käyttäjänimi on jo käytössä")
    form = ExecutorForm(request.form)
    if not form.validate():
        return render_template("executors/new.html", form=form)
    title = request.form.get("title")

    # NOTE(review): `pword` is handed to Executor exactly as submitted -- the
    # original "# hash password here" TODO was never done here; confirm
    # against the model and the login check that only a salted hash is stored.
    # NOTE(review): the count() above and the insert below are not atomic, so
    # two concurrent bootstrap requests on an empty table could both become
    # admin.
    new = Executor(name, title, pword, False)
    new.admin = user_count == 0
    db.session().add(new)
    db.session().commit()
    return redirect(url_for('executors_get_one', id=new.id))