def edit():
    """Render the edit page of the room given by the ``room_id`` query parameter.

    The ``*Error`` helpers presumably abort the request when ``room_id`` is
    missing or not an integer, or when ``current_user.isAdmin(room_id)`` is
    ``False``/``None`` (i.e. the caller does not administer that room).  The
    room object itself is taken from the user's own room associations.

    Note: if no association matches, control falls off the end and ``None``
    is returned, which Flask reports as an error; the admin check is what is
    expected to make that unreachable.
    """
    raw_room_id = request.args.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    # Only an administrator of this room may open its edit page.
    isFalseError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))
    wanted = int(room_id)
    for membership in current_user.rooms:
        room = membership.room
        if room.id == wanted:
            return render_template('room/edit.html', room=room)
def exit():
    """Leave the room given by the ``room_id`` form field.

    The request is rejected when ``room_id`` is missing or not an integer, or
    when ``current_user.isAdmin(room_id)`` is ``True`` or ``None`` -- an
    administrator cannot leave their own room and a non-member has nothing to
    leave.  Every matching association's room is told to drop the current
    user, then the caller is redirected to the room index.
    """
    raw_room_id = request.form.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    # Admins may not leave (isTrueError); non-members are rejected (isNoneError).
    isTrueError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))
    wanted = int(room_id)
    for membership in current_user.rooms:
        if membership.room.id == wanted:
            membership.room.exit(current_user.id)
    return redirect(url_for('room.index'))
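def login_post():
    """Handle the login form submission.

    An already-authenticated manager or admin is sent straight to their
    homepage.  Otherwise the posted username/password are checked against the
    stored hash, failed attempts are counted in the ``Logins`` collection, and
    an account with 20 or more recorded failures is refused before the
    password is even examined.  On success the user is logged in and
    redirected by role.

    Returns:
        A redirect response.  Every failure path flashes a message and
        redirects back to ``auth.login``.
    """
    if current_user is not None and current_user.is_authenticated:
        if current_user.isManager():
            return redirect(url_for("main.managerHomepage"))
        elif current_user.isAdmin():
            return redirect(url_for("main.adminHomepage"))
    username = request.form.get('username')
    # check_password_hash expects a str; a missing field must not reach it as None.
    password = request.form.get('password') or ''
    remember = bool(request.form.get('remember'))
    user = User(username)
    # The lockout is evaluated BEFORE the password so that a locked account
    # cannot be used as a password oracle (different messages for right and
    # wrong passwords).  A missing Logins record counts as zero attempts.
    record = next(db.db.Logins.find({"ID": user.id}), None)
    attempts = record["attempts"] if record else 0
    if attempts >= 20:
        flash("Too many login attempts, contact an administrator")
        return redirect(url_for('auth.login'))
    # An empty stored hash means the user does not exist (see the original
    # "check if user actually exists" note); the same message is used for an
    # unknown user and a wrong password so usernames are not enumerable.
    if user.password == "" or not check_password_hash(user.password, password):
        db.db.Logins.update({"ID": user.id}, {"$inc": {"attempts": 1}})
        flash('Please check your login details and try again.')
        return redirect(url_for('auth.login'))
    login_user(user, remember=remember)
    # NOTE(review): the attempt counter is not reset on success; the lockout
    # message suggests an administrator clears it -- confirm that workflow.
    if user.isManager():
        return redirect(url_for('main.managerHomepage'))
    elif user.isAdmin():
        return redirect(url_for('main.adminHomepage'))
    # A user with neither role has no homepage; return a real response instead
    # of None (which Flask rejects).
    return redirect(url_for('auth.login'))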
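def licenseGen():
    """Serve the license-generator page and build a license file on a valid submit.

    Side effects on a valid submission: the request (remote address, user
    agent, submitted fields) is logged, ``CL.createLicense`` writes the file,
    a ``LicenseRecords`` row is committed, and the file path and detail are
    logged.

    Returns:
        The rendered ``license_generator.html``; after a successful submit the
        download block is shown (``display_value='block'``) with the file name
        in ``licenseLink``.
    """
    g.isAdmin = current_user.isAdmin()
    forms = formsModel.createLicense_form()
    if not forms.validate_on_submit():
        return render_template('license_generator.html', title='授权工具',
                               display_value='none', forms=forms)
    formData = dict(forms.data)
    # Drop the bookkeeping fields before handing the data to the license
    # builder; pop() tolerates a form that lacks either key.
    formData.pop('csrf_token', None)
    formData.pop('submit', None)
    # Request cookies are deliberately NOT logged: they carry the session
    # token, and a log file is a far weaker secret store than the session.
    # NOTE(review): formData is still logged in full -- confirm it contains no
    # secrets (e.g. keys) before relying on this log.
    app.logger.info(
        '\nGet a license create requests:\n From: %s\n Agent: %s\n Forms: %s\n',
        request.remote_addr, request.user_agent, formData)
    licenseFile = CL.createLicense(formData)
    licensePath, licenseDetail = licenseFile[0], licenseFile[1]
    licenseLog = dbModel.LicenseRecords(username=current_user.username,
                                        from_ip=request.remote_addr,
                                        device_code=forms.device_code.data,
                                        license_path=licensePath)
    db.session.add(licenseLog)
    db.session.commit()
    app.logger.info('\nLicense file Path: %s\nLicense Detail:\n%s',
                    licensePath, licenseDetail)
    # Only the final path component is exposed to the page as the download link.
    licenseFileName = licensePath.split('/')[-1]
    return render_template('license_generator.html', title='授权工具',
                           display_value='block', licenseLink=licenseFileName,
                           forms=forms)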
def admin_users_edit(user_id):
    """
    Edit an existing user

    :param int user_id: id of an existing user
    :status 200: edit form rendered (and, on a valid POST, the user updated)
    :status 400: user not exist
    :status 403: not sufficient permission (``abort(403)``)
    """
    if not current_user.isAdmin():
        abort(403)
    target = User.query.filter_by(id=user_id).first()
    if not target:
        abort(400)
    form = UserEditForm(obj=target)
    if form.validate_on_submit():
        form.populate_obj(target)
        db.session.commit()
        # Role '2' presumably denotes an engineer, who gets a fresh QR code
        # after every successful edit -- confirm the role mapping in the model.
        if form.role.data == '2':
            generate_qr_code(target.getUsername(), form.username.data)
        flash('User information updated.')
    return render_template("users/admin/users-edit.html", form=form)
def add_member():
    """Show the member-registration page and register a work id / e-mail pair.

    Admin only; anyone else gets the ``admin_required`` message page.  A
    submission whose lower-cased e-mail or work id already has a
    ``RegistLink`` row is reported with ``result='added'``; otherwise a row is
    created and ``result='success'`` is reported.  Without a valid submission
    the page is rendered with the current list only.
    """
    if not current_user.isAdmin():
        return render_template('message.html', msg='admin_required')
    forms = formsModel.regist_link()
    if not forms.validate_on_submit():
        return render_template('add_member.html',
                               userLists=dbModel.RegistLink.query.all(),
                               form=forms)
    email = forms.email.data.lower()
    work_id = forms.work_id.data
    # Short-circuit: the work-id query only runs when no e-mail match exists.
    duplicate = (dbModel.RegistLink.query.filter_by(email=email)[:]
                 or dbModel.RegistLink.query.filter_by(work_id=work_id)[:])
    if duplicate:
        result = 'added'
    else:
        db.session.add(dbModel.RegistLink(work_id=work_id, email=email))
        db.session.commit()
        result = 'success'
    return render_template('add_member.html',
                           userLists=dbModel.RegistLink.query.all(),
                           form=forms, result=result,
                           work_id=work_id, email=email)
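def gift():
    """Toggle the current user as the gifter of an item in a room.

    Form fields ``room_id`` and ``item_id`` are required integers.  The caller
    must be a member of the room (``isAdmin`` returning ``None`` aborts) and
    must not own the item (``ownItem`` returning ``True`` aborts).  If the item
    has no gifter the caller becomes it; if the caller already is the gifter
    the claim is released; another user's claim yields 403.  An unknown item
    id is ignored.  Always redirects to the room's item list.
    """
    raw_room = request.form.get('room_id')
    raw_item = request.form.get('item_id')
    isNoneError(raw_room)
    isNoneError(raw_item)
    room_id = isNotIntegerError(raw_room)
    item_id = isNotIntegerError(raw_item)
    isNoneError(current_user.isAdmin(room_id))  # checks that the user is member of the room
    isTrueError(current_user.ownItem(room_id, item_id))  # checks that the user is not the owner
    item = Item.query.get(item_id)
    if item:
        # The membership check above is bound to room_id only; refuse an item
        # that belongs to a different room so a member of one room cannot act
        # on items of another (unless ownItem already enforces this).
        if item.rid != int(room_id):
            abort(403)
        if item.gid is None:
            item.gid = current_user.id  # becomes the gifter
        elif current_user.id == item.gid:
            item.gid = None  # releases the claim
        else:
            abort(403)
    commit()
    return redirect(url_for('item.list_', room_id=room_id))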
def decorated_function(*args, **kwargs):
    """Call the wrapped view ``f`` only for administrators.

    Non-admins receive the rendered ``403.html`` page with status 403 instead.
    ``f`` is the view captured by the enclosing decorator (outside this view).
    """
    if current_user.isAdmin():
        return f(*args, **kwargs)
    page = render_template(
        '403.html',
        message='You must be an administrator to access this page.',
        menu='home')
    return page, 403
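def admin_users_delete():
    """
    Delete a user record (and an engineer's QR-code image) from the database

    The user is identified by the ``user_id`` form field.

    :status 200: user deleted
    :status 403: not sufficient permission (``abort(403)``)
    :status 404: user not exist
    """
    if not current_user.isAdmin():
        abort(403)
    user = User.query.filter_by(id=request.form['user_id']).first()
    if not user:
        abort(404)
    # delete qr_code
    if user.getRole() == 'engineer':
        _remove_qr_code(user.getUsername())
    db.session.delete(user)
    db.session.commit()
    return '', 200


def _remove_qr_code(username):
    """Remove ``<username>.png`` from ``QR_UPLOAD_FOLDER_URL`` if it exists.

    The file name is built from a stored username, so the resolved path is
    required to stay inside the upload folder before anything is removed.
    """
    folder = os.path.realpath(QR_UPLOAD_FOLDER_URL)
    path = os.path.realpath(os.path.join(folder, username + '.png'))
    try:
        inside = os.path.commonpath([folder, path]) == folder
    except ValueError:  # different drives on Windows -> certainly not inside
        inside = False
    if inside and os.path.exists(path):
        os.remove(path)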
def admin_cars_create():
    """
    Show the car-creation form and, on a valid POST, insert the new car

    :param string make: car brand
    :param string color: car color
    :param string body_type: car body type
    :param int seats: number of seats
    :param int cost_per_hour: cost per hour
    :status 200: form rendered
    :status 403: not sufficient permission (``abort(403)``)

    A successful insert flashes ``Car added.`` and redirects back to this view.
    """
    if not current_user.isAdmin():
        abort(403)
    form = CarForm(request.form)
    if not form.validate_on_submit():
        return render_template("users/admin/cars-create.html", form=form)
    new_car = Car(make=form.make.data,
                  color=form.color.data,
                  body_type=form.body_type.data,
                  seats=form.seats.data,
                  cost_per_hour=form.cost_per_hour.data)
    # Persist the new record before redirecting so the next page sees it.
    db.session.add(new_car)
    db.session.commit()
    flash('Car added.')
    return redirect(url_for('users.admin_cars_create'))
def admin_bookings():
    """
    Render the admin bookings page listing every booking, newest id first

    :status 403: not sufficient permission (``abort(403)``)
    """
    if current_user.isAdmin():
        newest_first = Booking.query.order_by(desc(Booking.id)).all()
        return render_template("users/admin/bookings.html", bookings=newest_first)
    abort(403)
def admin_cars():
    """
    Render the admin car page listing every car, newest id first

    :status 403: not sufficient permission (``abort(403)``)
    """
    if current_user.isAdmin():
        newest_first = Car.query.order_by(desc(Car.id)).all()
        return render_template("users/admin/cars.html", cars=newest_first)
    abort(403)
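def login_page():
    """Show the login page.

    An already-authenticated admin or manager is redirected to their homepage
    instead; everybody else (anonymous, or authenticated without either role)
    gets ``loginPage.html``.
    """
    # Identity test, not equality: ``current_user`` is a proxy object and
    # ``!= None`` would invoke its comparison protocol.
    if current_user is not None and current_user.is_authenticated:
        if current_user.isAdmin():
            return redirect(url_for("main.adminHomepage"))
        elif current_user.isManager():
            return redirect(url_for("main.managerHomepage"))
    return render_template("loginPage.html")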
def admin_users():
    """
    Render the user-management page listing every user, newest id first

    :status 403: not sufficient permission (``abort(403)``)
    """
    if current_user.isAdmin():
        newest_first = User.query.order_by(desc(User.id)).all()
        return render_template("users/admin/users.html", users=newest_first)
    abort(403)
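def edit_addpsw():
    """Set or change the secret of a room the current user administers.

    Expected form fields: ``room_id``, ``password`` (the caller's own account
    password, re-checked before the change), ``new_secret``,
    ``confirm_secret`` and -- when the room already has a secret --
    ``current_secret``.  Every validation failure flashes the same ``#2``
    message and redirects back to the room's edit page; success stores the
    hash of ``new_secret`` and redirects to the room index.
    """
    password = request.form.get('password')
    secret = request.form.get('current_secret')
    new_secret = request.form.get('new_secret')
    confirm_secret = request.form.get('confirm_secret')
    raw_room_id = request.form.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    isFalseError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))

    def _reject():
        flash('#2The information provided is incorrect.')
        return redirect(url_for('room.edit', room_id=room_id))

    if not new_secret or not confirm_secret:
        return _reject()
    # Re-authenticate with the account password before touching the room
    # secret.  A missing password is rejected here rather than reaching
    # check_password_hash as None.
    if not password or not check_password_hash(current_user.password, password):
        return _reject()
    # The two new-secret fields only need to be equal; hashing one side to
    # verify the other would be equivalent but wasteful.
    if new_secret != confirm_secret:
        return _reject()
    roomQuery = Room.query.join(Association)\
        .filter(Association.room_id == room_id)\
        .filter(Association.user_id == current_user.id)\
        .filter(Association.role_id == 0).first()
    # No admin association row for this room -> nothing to edit.
    isNoneError(roomQuery)
    if roomQuery.secret:
        # Changing an existing secret requires the current one.
        if not secret or not check_password_hash(roomQuery.secret, secret):
            return _reject()
    roomQuery.secret = generate_password_hash(new_secret)
    commit()
    return redirect(url_for('room.index'))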
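def admin_cars_delete():
    """Delete the car named by the ``car_id`` form field (admin only).

    Returns ``('', 200)`` on success, a 403 body for non-admins and a 404
    body when the car does not exist.
    """
    if not current_user.isAdmin():
        # A permission failure is 403 Forbidden; 503 tells clients (and
        # monitoring) that the service itself is down.
        return "403 Not sufficent permission", 403
    car = Car.query.filter_by(id=request.form['car_id']).first()
    if not car:
        return 'car not exist.', 404
    db.session.delete(car)
    db.session.commit()
    return '', 200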
def askPlayerInfo():
    """Return a JSON description of the player whose ``id`` is posted.

    The payload carries the player's id and username plus whether the
    *current* user is an admin.  Note: an unknown id makes ``Joueur.query.get``
    return ``None`` and the attribute access then raises, surfacing as a server
    error.
    """
    player_id = int(request.form["id"])
    player = Joueur.query.get(player_id)
    payload = {
        "id": player.getId(),
        "pseudo": player.getUsername(),
        "admin": current_user.isAdmin(),
    }
    return json.dumps(payload)
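def create():
    """Create an item in a room: GET renders the form, any other method creates.

    Both branches require a ``room_id`` (query string on GET, form on POST)
    that is an integer and that the current user is a member of
    (``current_user.isAdmin(room_id)`` returning ``None`` aborts).  On POST
    ``name`` is validated by ``check_item_name`` and ``price``/``quantity`` by
    ``checkNumberInput``; failures flash a message and redirect back to the
    form.  Success stores the item and redirects to the room's item list.
    """
    if request.method == 'GET':
        raw_room_id = request.args.get('room_id')
        isNoneError(raw_room_id)
        room_id = isNotIntegerError(raw_room_id)
        isNoneError(current_user.isAdmin(room_id))
        # Compare as int, as the list/edit views do, and reject cleanly instead
        # of raising IndexError when no association matches.
        wanted = int(room_id)
        room = next((assoc.room for assoc in current_user.rooms
                     if assoc.room.id == wanted), None)
        isNoneError(room)
        return render_template('item/create.html', room=room)
    name = request.form.get('name')
    quantity = request.form.get('quantity')
    price = request.form.get('price')
    url = request.form.get('url')
    raw_room_id = request.form.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    isNoneError(current_user.isAdmin(room_id))
    code, msgError = check_item_name(name)
    if code != 0:
        flash(msgError)
        return redirect(url_for('item.create', room_id=room_id))
    if not checkNumberInput(price) or not checkNumberInput(quantity):
        flash('A positive number is required for a quantity and a price.')
        return redirect(url_for('item.create', room_id=room_id))
    # NOTE(review): ``url`` is stored without validation; confirm the template
    # escapes it and does not render non-http schemes as clickable links.
    item = Item(
        name=name,
        price=price,
        quantity=quantity,
        url=url,
        rid=room_id,
        uid=current_user.id,
        gid=None,
    )
    addObj(item)
    return redirect(url_for('item.list_', room_id=room_id))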
def login_redirect():
    """
    Redirect to page based on user role

    Engineers go to their reports, managers to the dashboard, admins to the
    admin pages; the first matching role wins and anyone else lands on home.
    """
    targets = (
        (current_user.isEngineer, 'users.engineer_reports'),
        (current_user.isManager, 'users.dashboard'),
        (current_user.isAdmin, 'users.admin_pages'),
    )
    for has_role, endpoint in targets:
        if has_role():
            return redirect(url_for(endpoint))
    return redirect(url_for('users.home'))
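def edit_name():
    """Rename a room the current user administers.

    Form fields: ``room_id``, ``name`` and -- if the room has a secret --
    ``current_secret`` plus ``confirm_secret``.  The stored name is suffixed
    with ``#<user id>``.  Every validation failure flashes a ``#1`` message and
    redirects to the room's edit page; success redirects to the room index.
    """
    name = request.form.get('name')
    secret = request.form.get('current_secret')
    confirm_secret = request.form.get('confirm_secret')
    raw_room_id = request.form.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    isFalseError(current_user.isAdmin(room_id))
    isNoneError(current_user.isAdmin(room_id))
    roomQuery = Room.query.join(Association)\
        .filter(Association.room_id == room_id)\
        .filter(Association.user_id == current_user.id)\
        .filter(Association.role_id == 0).first()
    isNoneError(roomQuery)

    def _reject(msg):
        flash('#1' + msg)
        return redirect(url_for('room.edit', room_id=room_id))

    code, msgError = check_room_name(name)
    if code != 0:
        return _reject(msgError)
    if roomQuery.secret:
        # A protected room requires its current secret, typed twice.
        if not secret or not confirm_secret:
            return _reject('The information provided is incorrect.')
        # The two fields only need to be equal; hashing one side to verify the
        # other would be equivalent but wasteful.
        if secret != confirm_secret:
            return _reject('The information provided is incorrect.')
        if not check_password_hash(roomQuery.secret, secret):
            return _reject('The information provided is incorrect.')
    roomQuery.name = name + "#" + str(current_user.id)
    commit()
    return redirect(url_for('room.index'))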
def list_():
    """List the items of the room given by the ``room_id`` query parameter.

    ``room_id`` must be present and an integer, and the current user must be
    a member (``isAdmin`` returning ``None`` aborts).  The first matching
    association's room is rendered with ``item/list.html``; if none matches,
    the generic ``room.html`` page is shown instead.
    """
    raw_room_id = request.args.get('room_id')
    isNoneError(raw_room_id)
    room_id = isNotIntegerError(raw_room_id)
    isNoneError(current_user.isAdmin(room_id))
    wanted = int(room_id)
    matches = (assoc.room for assoc in current_user.rooms if assoc.room.id == wanted)
    room = next(matches, None)
    if room is not None:
        return render_template('item/list.html', room=room)
    return render_template('room.html', user=current_user)
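def delete_user(user):
    """Delete the registration link for work id ``user`` and, if that link was
    already used to register (``regist_if``), the matching account too.

    Admin only; anyone else gets the ``admin_required`` message page.  An
    unknown work id has nothing to delete and simply redirects.

    Returns:
        A redirect to ``add_member`` for admins.
    """
    if not current_user.isAdmin():
        return render_template('message.html', msg='admin_required')
    link = dbModel.RegistLink.query.filter_by(work_id=user).first()
    # Guard both lookups: a missing link or account must not turn into an
    # AttributeError / delete(None) server error.
    if link is not None:
        if link.regist_if:
            account = dbModel.User.query.filter_by(email=link.email).first()
            if account is not None:
                db.session.delete(account)
        db.session.delete(link)
        db.session.commit()
    return redirect(url_for('add_member'))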
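def admin_cars_edit(car_id):
    """Edit an existing car (admin only).

    Args:
        car_id: id of the car to edit.

    Returns:
        The rendered edit form (200), or an error body with a matching status:
        403 for non-admins, 400 when the car does not exist.
    """
    if not current_user.isAdmin():
        # Without an explicit status the bare string was served as 200 OK.
        return "403 Not sufficent permission", 403
    car = Car.query.filter_by(id=car_id).first()
    if not car:
        return "400 car not exists", 400
    form = CarForm(obj=car)
    if form.validate_on_submit():
        form.populate_obj(car)
        db.session.commit()
        flash('Car information updated.')
    return render_template("users/admin/cars-edit.html", form=form)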
def faculty():
    """List every professor; ``auth`` is True only for an authenticated admin."""
    professors = db.session.query(Professor).all()
    is_admin = bool(current_user.is_authenticated and current_user.isAdmin())
    return render_template('professor/list.html', professors=professors,
                           auth=is_admin, pageNum=5)
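def kick():
    """Remove another member from a room the current user administers.

    Requires integer form fields ``room_id`` and ``user_id``.  The caller
    must be an admin of the room; the target must exist, be a member of the
    room and not be an admin (admins cannot be kicked).  Redirects to the
    room's item list.
    """
    raw_room_id = request.form.get('room_id')
    raw_user_id = request.form.get('user_id')
    isNoneError(raw_room_id)
    isNoneError(raw_user_id)
    room_id = isNotIntegerError(raw_room_id)
    user_id = isNotIntegerError(raw_user_id)
    isNoneError(current_user.isAdmin(room_id))
    isFalseError(current_user.isAdmin(room_id))
    user_to_kick = current_user.getUserByID(user_id)
    # Reject an unknown user id before dereferencing it.
    isNoneError(user_to_kick)
    isNoneError(user_to_kick.isAdmin(room_id))
    isTrueError(user_to_kick.isAdmin(room_id))
    wanted = int(room_id)
    for assoc in current_user.rooms:
        if assoc.room.id == wanted:
            assoc.room.exit(user_id)
    return redirect(url_for('item.list_', room_id=room_id))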
def delete():
    """Delete an item the current user owns from a room they belong to.

    Requires integer form fields ``room_id`` and ``item_id``; membership is
    checked through ``isAdmin`` (``None`` aborts) and ownership through
    ``ownItem`` (``False`` aborts).  An unknown ``item_id`` is silently
    ignored; the caller is redirected to the room's item list either way.
    """
    raw_room = request.form.get('room_id')
    raw_item = request.form.get('item_id')
    isNoneError(raw_room)
    isNoneError(raw_item)
    room_id = isNotIntegerError(raw_room)
    item_id = isNotIntegerError(raw_item)
    isNoneError(current_user.isAdmin(room_id))
    isFalseError(current_user.ownItem(room_id, item_id))
    target = Item.query.get(item_id)
    if target:
        deleteObj(target)
    return redirect(url_for('item.list_', room_id=room_id))
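def admin_cars_create():
    """Show the car-creation form and insert a car on a valid POST (admin only).

    Returns the rendered form (200), a redirect back to this view after a
    successful insert, or a 403 body for non-admins.
    """
    if not current_user.isAdmin():
        # Without an explicit status the bare string was served as 200 OK.
        return "403 Not sufficent permission", 403
    form = CarForm(request.form)
    if form.validate_on_submit():
        car = Car(make=form.make.data, color=form.color.data,
                  body_type=form.body_type.data, seats=form.seats.data,
                  cost_per_hour=form.cost_per_hour.data)
        # Insert the record in our database and commit it
        db.session.add(car)
        db.session.commit()
        flash('Car added.')
        return redirect(url_for('users.admin_cars_create'))
    return render_template("users/admin/cars-create.html", form=form)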
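def admin_users_edit(user_id):
    """Edit an existing user (admin only).

    Args:
        user_id: id of the user to edit.

    Returns:
        The rendered edit form (200), or an error body with a matching status:
        403 for non-admins, 400 when the user does not exist.
    """
    if not current_user.isAdmin():
        # Without an explicit status the bare string was served as 200 OK.
        return "403 Not sufficent permission", 403
    user = User.query.filter_by(id=user_id).first()
    if not user:
        return "400 user not exists", 400
    form = UserEditForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        db.session.commit()
        # generate new QR code -- role '2' presumably denotes an engineer;
        # confirm the mapping in the model.
        if form.role.data == '2':
            generate_qr_code(user.getUsername(), form.username.data)
        flash('User information updated.')
    return render_template("users/admin/users-edit.html", form=form)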
def dashboard():
    """
    Render the dashboard with line, pie and bar chart data

    Admins and managers only; anyone else gets ``abort(403)``.
    """
    if not (current_user.isAdmin() or current_user.isManager()):
        abort(403)
    line = get_line_chart_data()
    pie = get_pie_chart_data()
    bar = get_bar_chart_data()
    context = {
        'line_chart_labels': line['labels'],
        'line_chart_values': line['values'],
        'pie_chart_labels': pie['labels'],
        'pie_chart_values': pie['values'],
        'bar_chart_labels': bar['labels'],
        'bar_chart_values': bar['values'],
    }
    return render_template("users/dashboard.html", **context)
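def admin_users_delete():
    """Delete the user named by the ``user_id`` form field (admin only).

    For engineers the matching QR-code image is removed from
    ``QR_UPLOAD_FOLDER_URL`` first.

    Returns ``('', 200)`` on success, a 403 body for non-admins and a 404
    body when the user does not exist.
    """
    if not current_user.isAdmin():
        # A permission failure is 403 Forbidden; 503 tells clients (and
        # monitoring) that the service itself is down.
        return "403 Not sufficent permission", 403
    user = User.query.filter_by(id=request.form['user_id']).first()
    if not user:
        return 'user not exist.', 404
    # delete qr_code
    if user.getRole() == 'engineer':
        folder = os.path.realpath(QR_UPLOAD_FOLDER_URL)
        path = os.path.realpath(os.path.join(folder, user.getUsername() + '.png'))
        # The file name comes from a stored username; only remove a file that
        # actually resolves inside the upload folder.
        try:
            inside = os.path.commonpath([folder, path]) == folder
        except ValueError:  # different drives on Windows -> not inside
            inside = False
        if inside and os.path.exists(path):
            os.remove(path)
    db.session.delete(user)
    db.session.commit()
    return '', 200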