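def update_company_name():
    """Render and process the form that renames the current user's company.

    Colleagues rejected by ``is_auth_company`` get the ``unathorized``
    response. On a valid submit the new name is committed when it differs
    from the stored one, and the user is redirected to the company profile.
    Otherwise the form page is rendered.
    """
    # authenticate colleague:
    if not is_auth_company(current_user):
        return unathorized(
            "You are not authorized to modify the company name.", "error")

    form = UpdateCompanyNameForm()
    # The company is resolved from the logged-in user, never from request
    # data, so only the caller's own company can be renamed here.
    company = Company.query.get(current_user.company_id)

    if form.validate_on_submit():
        new_name = form.company_name.data
        if company.name != new_name:
            company.name = new_name
            try:
                db.session.commit()
            except Exception:
                # Exception rather than a bare except, so SystemExit and
                # KeyboardInterrupt are not swallowed.
                db.session.rollback()
                flash("Any error occured. Please try again.", "error")
            else:
                flash("Your Company Name changed successfully to", "inform")
                flash(f"{company.name}.", "inform")
        return redirect(url_for("company_profile"))

    return render_template("update_company_name.html",
                           type="Company Name",
                           value=company.name,
                           colleague=current_user,
                           form=form,
                           logo=get_logo(current_user),
                           nav=get_nav(current_user))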
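def privilegs():
    """Render the privileges page for the current user's company.

    The template receives ``admins`` (``(Colleagues, Admins)`` rows for the
    company) and ``colleagues`` (company members that have no ``Admins``
    row). Callers rejected by ``is_auth_privilegs`` get the ``unathorized``
    response.
    """
    # authenticate colleague:
    if not is_auth_privilegs(current_user):
        return unathorized("You cannot to vew this page.", "error")

    company = Company.query.get(current_user.company_id)
    company_id = company.id

    # get all admins of company with any privileg:
    admins = db.session.query(Colleagues, Admins).filter(
        Colleagues.id == Admins.colleague_id,
        Colleagues.company_id == company_id).all()

    # Filter with a set lookup instead of removing items from the list while
    # it is being iterated, which skips elements and is quadratic.
    admin_colleague_ids = {row.Admins.colleague_id for row in admins}
    colleagues = [
        colleague
        for colleague in Colleagues.query.filter(
            Colleagues.company_id == current_user.company_id).all()
        if colleague.id not in admin_colleague_ids
    ]

    return render_template(
        "privilegs.html",
        logo=get_logo(current_user),
        # to add click event to change logo for authorized admin
        change_logo=is_auth_company(current_user),
        admins=admins,
        colleagues=colleagues,
        nav=get_nav(current_user))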
def delete_company():
    """Delete the current user's company and redirect to the landing page.

    The company id comes from the logged-in user, not from the request.
    Callers rejected by ``is_auth_company`` get the ``unathorized`` response.
    """
    # NOTE(review): the route decorator is not visible in this listing;
    # confirm this destructive handler only accepts POST with a CSRF token.
    if is_auth_company(current_user):
        del_company(current_user.company_id)
        return redirect(url_for("landing_page"))

    return unathorized("You are not authorized to delete company.", "error")
def colleagues():
    """Render the list of colleagues that share the current user's company.

    Callers rejected by ``is_auth_colleague`` get the ``unathorized``
    response.
    """
    if is_auth_colleague(current_user):
        # Scoped to the session user's company id, so the listing cannot be
        # pointed at another tenant through request data.
        company_members = Colleagues.query.filter(
            Colleagues.company_id == current_user.company_id).all()
        return render_template(
            "colleagues.html",
            logo=get_logo(current_user),
            # lets the template attach the change-logo click event for
            # authorized admins
            change_logo=is_auth_company(current_user),
            colleagues=company_members,
            nav=get_nav(current_user))

    return unathorized("You cannot to vew this page.", "error")
def company_profile():
    """Render the company profile with the admins allowed to update it.

    Callers rejected by ``is_auth_company`` get the ``unathorized`` response.
    """
    if is_auth_company(current_user):
        company = Company.query.get(current_user.company_id)
        company_id = company.id

        # Admin rows of this company whose update_company flag is set.
        only_company_admins = (
            Colleagues.id == Admins.colleague_id,
            Colleagues.company_id == company_id,
            Admins.update_company == True,  # noqa: E712 (SQL expression)
        )
        company_admins = db.session.query(
            Colleagues, Admins).filter(*only_company_admins).all()

        return render_template("company_profile.html",
                               logo=get_logo(current_user),
                               company=company,
                               company_admins=company_admins,
                               nav=get_nav(current_user))

    return unathorized("You cannot to view this page.", "error")
def main():
    """Render the main page listing the Idea Boxes of the user's company.

    Each box is decorated with display-only attributes before rendering:
    ``counter`` (number of ideas), ``posters`` (name and avatar of up to five
    ideas taken from the end of the query result), ``activity`` (latest
    ``Ideas.create_at``) and a ``name`` passed through ``remove_html``.
    """
    # NOTE(review): no is_auth_* check appears in this view; any login
    # requirement would have to come from a decorator not visible here.
    company_id = Company.query.get(current_user.company_id).id

    # display existed Idea Boxes:
    boxes = db.session.query(Boxes, Admins, Colleagues).filter(
        Boxes.admin_id == Admins.id,
        Colleagues.id == Admins.colleague_id,
        Colleagues.company_id == company_id).all()

    for row in boxes:
        box = row.Boxes

        # last activity in the idea table for the current box
        last_activity = db.session.query(func.max(
            Ideas.create_at)).filter(Ideas.box_id == box.id).first()

        # all ideas of the current box
        box_ideas = Ideas.query.filter(Ideas.box_id == box.id).all()
        box.counter = len(box_ideas)

        # NOTE(review): the query has no order_by, so "last five" relies on
        # the database's default row order; confirm that is intended.
        posters = []
        for idea in box_ideas[-5:]:
            if idea.sign == "incognito":
                avatar = "incognito-cut.svg"
            else:
                avatar = get_avatar(Colleagues.query.get(idea.colleague_id))
            posters.append({"name": idea.sign, "avatar": avatar})

        box.posters = posters
        box.activity = last_activity[0]
        # Strip HTML elements and entities from the name for display. This
        # changes the loaded object only; this view itself never commits.
        box.name = remove_html(box.name)

    return render_template(
        "main.html",
        logo=get_logo(current_user),
        # to add click event to change logo for authorized admin
        change_logo=is_auth_company(current_user),
        # to add edit icon to authorized admin
        update_box=is_auth_box(current_user),
        boxes=boxes,
        nav=get_nav(current_user))
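def update_joining_password():
    """Render and process the form that changes the company joining password.

    Callers rejected by ``is_auth_company`` get the ``unathorized`` response.
    On a valid submit the current joining password must verify; if it does
    not, the user is logged out and sent to the login page. The new password
    is stored only when it differs from the current one and matches its
    repeat field. Every other submit outcome redirects to the company
    profile with a flash message.
    """
    # authenticate colleague:
    if not is_auth_company(current_user):
        return unathorized(
            "You are not authorized to modify the joining password.", "error")

    form = UpdateJoiningPasswordForm()
    if form.validate_on_submit():
        company = Company.query.get(current_user.company_id)

        # Re-verify the current secret before allowing a change; a wrong
        # value ends the session.
        if not company.check_joining_password(form.password.data):
            flash("Invalid password. Please log in again.", "warning")
            logout_user()
            return redirect(url_for("login"))

        new_password = form.new_password.data
        if form.password.data == new_password:
            flash("The new joining password equal with the old one.",
                  "inform")
        elif new_password != form.repeat_new_password.data:
            flash("Your repeat password does not match. Please try again.",
                  "warning")
        else:
            try:
                company.set_joining_password(new_password)
                db.session.commit()
            except Exception:
                # Exception rather than a bare except, so SystemExit and
                # KeyboardInterrupt are not swallowed.
                db.session.rollback()
                flash("Any error occured. Please try again.", "error")
            else:
                flash("The Joining password changed successfully.", "inform")
        return redirect(url_for("company_profile"))

    # value="" keeps the template from pre-filling any password.
    return render_template("update_joining_password.html",
                           type="Joining Password",
                           value="",
                           form=form,
                           logo=get_logo(current_user),
                           colleague=current_user,
                           nav=get_nav(current_user))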
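def upload_logo():
    """Render and process the form that replaces the company logo.

    Callers rejected by ``is_auth_company`` get the ``unathorized`` response.
    The logo is stored as ``static/logo/<company id>.<extension>`` and the
    extension is recorded in ``company.logo``. The new file is written and
    the database committed before the previous logo is removed, so a failed
    upload does not leave the company without a logo.
    """
    # authenticate colleague:
    if not is_auth_company(current_user):
        return unathorized("You cannot to upload logo.", "error")

    form = UpdateLogoForm()
    if form.validate_on_submit():
        upload = form.logo.data
        extension = get_extension(upload.filename)

        # The extension is derived from a client-supplied filename and ends
        # up in a filesystem path, so refuse anything that is not purely
        # alphanumeric (no separators, dots or empty values).
        # NOTE(review): which file types are allowed is presumably enforced
        # by UpdateLogoForm; confirm it uses an explicit allow-list.
        if not extension or not str(extension).isalnum():
            flash("Any error occured. Please try again.", "error")
            return redirect(url_for("main"))

        company = Company.query.get(current_user.company_id)
        old_extension = company.logo
        old_logo = (f"static/logo/{company.id}.{old_extension}"
                    if old_extension else None)
        new_logo = f"static/logo/{company.id}.{extension}"

        # update company logo:
        company.logo = extension
        try:
            upload.save(new_logo)
            db.session.commit()
        except Exception:
            db.session.rollback()
            # Drop a newly written file the database no longer refers to.
            if new_logo != old_logo and os.path.exists(new_logo):
                os.remove(new_logo)
            flash("Any error occured. Please try again.", "error")
        else:
            # delete previous logo only once the new one is durable:
            if old_logo and old_logo != new_logo and os.path.exists(old_logo):
                os.remove(old_logo)
            flash("Your company logo successfully changed.", "inform")
        return redirect(url_for("main"))

    return render_template("update_logo.html",
                           type="Company Logo",
                           value="",
                           enctype="multipart/form-data",
                           form=form,
                           colleague=current_user,
                           logo=get_logo(current_user),
                           nav=get_nav(current_user))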
def idea_box(id):
    """Render one Idea Box together with all of its ideas.

    ``get_idea_box`` is the access check: when it returns nothing for this
    id and user, the caller gets the ``unathorized`` response.
    """
    # The box must belong to the same company as the current user.
    box_row = get_idea_box(id, current_user)
    if not box_row:
        return unathorized("You cannot to view this Idea Box.", "error")

    # authorized admin with box privileg:
    # NOTE(review): is_admin is only ever set to True here, whereas
    # create_idea resets it to False first; confirm the flag cannot carry
    # over between requests.
    if is_auth_box(current_user):
        current_user.is_admin = True

    # Once the closing time has passed, no new idea can be shared.
    box = box_row.Boxes
    box.is_open = is_open(box.close_at)

    # query all ideas for the choosen box:
    ideas = Ideas.query.filter(Ideas.box_id == id).all()
    for idea in ideas:
        author = Colleagues.query.get(idea.colleague_id)
        # attach the poster's avatar and position for the template
        idea.avatar = get_avatar(author)
        idea.position = author.position

    return render_template(
        "idea_box.html",
        # to add edit icon to authorized admin
        update_box=is_auth_box(current_user),
        box=box,
        ideas=ideas,
        # to add click event to change logo for authorized admin
        change_logo=is_auth_company(current_user),
        logo=get_logo(current_user),
        nav=get_nav(current_user))
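def create_idea(box_id, idea_id):
    """Create a new idea in a box, or edit an existing one.

    ``idea_id == 0`` creates a new idea; any other value edits the idea with
    that id. Access rules, in order:

    * the box must be returned by ``get_idea_box`` for the current user and
      must still be open;
    * an idea being edited must exist and must belong to that same box;
    * an idea owned by another colleague may only be edited by a user
      accepted by ``is_auth_box``.

    Any failed rule yields the ``unathorized`` response.
    """
    # authenticate user:
    idea_box = get_idea_box(box_id, current_user)
    # if idea_box empty then current user belong to different company
    # if idea box already closed the user modified the url field
    if not idea_box or not is_open(idea_box.Boxes.close_at):
        return unathorized("You cannot to edit this Idea.", "error")

    current_idea = Ideas.query.get(idea_id)
    # Bind the idea to the box that was just authorized. Without this check
    # an idea id from a different (closed or foreign-company) box could be
    # paired with any open box id the caller is allowed to see.
    if idea_id != 0 and (current_idea is None
                         or current_idea.box_id != idea_box.Boxes.id):
        return unathorized("You cannot to edit this Idea.", "error")

    colleague = current_user
    current_user.is_admin = False
    if idea_id > 0 and current_idea.colleague_id != current_user.id:
        # this idea belong to different colleague than the current user,
        # check update_box privileg:
        if not is_auth_box(current_user):
            return unathorized("You don't hane privileg to edit this Idea.",
                               "error")
        # current user is an admin with privileg to edit/delete boxes and
        # ideas:
        current_user.is_admin = True
        colleague = Colleagues.query.get(current_idea.colleague_id)

    form = CreateIdeaForm()
    # An admin editing someone else's idea can only keep the existing sign,
    # so the poster's other names are not revealed through the choices.
    if current_user.is_admin:
        form.sign.choices = [(current_idea.sign, current_idea.sign)]
    else:
        form.sign.choices = [
            ("incognito", "incognito"),
            (current_user.user_name, current_user.user_name),
            (current_user.first_name, current_user.first_name),
            (current_user.fullname(), current_user.fullname()),
        ]

    if form.validate_on_submit():
        success = ""
        if idea_id == 0:
            # instantiate new Idea:
            idea = Ideas(idea=form.idea.data,
                         sign=form.sign.data,
                         box_id=box_id,
                         colleague_id=current_user.id)
            db.session.add(idea)
            success = "Thank you for sharing your Idea."
            error = "Any error occured when post your Idea. Please try again."
        else:
            # edit existed idea:
            error = "Any error occured when edited your Idea. Please try again."
            if current_idea.idea != form.idea.data:
                current_idea.idea = form.idea.data
                success += "Your idea successfully edited.\n"
            if current_idea.sign != form.sign.data:
                current_idea.sign = form.sign.data
                success += f"Your sign changed to {current_idea.sign}.\n"
        try:
            db.session.commit()
        except Exception:
            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not swallowed.
            db.session.rollback()
            flash(error, "error")
            return redirect(
                url_for("create_idea", box_id=box_id, idea_id=idea_id))
        flash(success, "inform")
        return redirect(url_for("idea_box", id=box_id))

    if idea_id > 0:
        # edit mode:
        form.submit.label.text = (
            "Edit my Idea" if not current_user.is_admin
            else f"Edit {colleague.first_name}'s Idea")
        form.idea.data = current_idea.idea
        form.sign.data = current_idea.sign
    else:
        # set first name by default checked
        form.sign.data = current_user.first_name

    return render_template(
        "create_idea.html",
        # to add edit icon to authorized admin
        update_box=is_auth_box(current_user),
        box=idea_box.Boxes,
        avatar="incognito-cut.svg"
        if form.sign.data == "incognito" else get_avatar(colleague),
        form=form,
        colleague=colleague,
        # to add click event to change logo for authorized admin
        change_logo=is_auth_company(current_user),
        logo=get_logo(current_user),
        nav=get_nav(current_user))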
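def create_box(id):
    """Create a new Idea Box, or edit an existing one.

    ``id == 0`` creates a box owned by the current admin; ``id > 0`` edits
    that box. The caller must pass ``is_auth_box``, and for edits
    ``authenticate_company(id, current_user)`` must also hold. Any failed
    check yields the ``unathorized`` response.
    """
    # authenticate admin:
    if not is_auth_box(current_user):
        return unathorized("You are not authorized to create Idea Box.",
                           "error")
    # authenticate company
    if id > 0 and not authenticate_company(id, current_user):
        return unathorized("You are not authorized to update Idea Box.",
                           "error")

    current_box = Boxes.query.get(id)
    form = CreateBoxForm()

    if form.validate_on_submit():
        name = form.name.data
        description = form.description.data
        close_at = form.close_at.data

        if id == 0:
            # add new Idea Box to the Boxes table:
            new_box = Boxes(name=name,
                            description=description,
                            close_at=close_at,
                            admin_id=get_admin_id(current_user))
            db.session.add(new_box)
            error = "Any error occured when created new Idea Box. Please try again."
            success = "New Idea Box successfully created."
        else:
            # edit box by id:
            success = ""
            if name != current_box.name:
                current_box.name = name
                success += "Title updated.\n"
            if description != current_box.description:
                current_box.description = description
                success += "Description updated.\n"
            # close_at is a date object, have to convert to string
            str_close_at = close_at.strftime("%Y-%m-%d")
            if str_close_at != current_box.close_at:
                current_box.close_at = close_at
                success += "Closing date updated.\n"
            error = "Any error occured when updated Idea Box. Please try again."

        try:
            db.session.commit()
        except Exception:
            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not swallowed.
            db.session.rollback()
            flash(error, "error")
            return redirect(url_for("create_box", id=id))
        flash(success, "inform")
        return redirect(url_for("main"))

    if id > 0:
        # edit mode:
        form.submit.label.text = "Edit Box"
        form.name.data = current_box.name
        form.description.data = current_box.description
        form.close_at.data = str_to_date(current_box.close_at)

    return render_template(
        "create_box.html",
        form=form,
        id=id,
        logo=get_logo(current_user),
        # to add click event to change logo for authorized admin
        change_logo=is_auth_company(current_user),
        nav=get_nav(current_user))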