def modifyUser():
_id = request.args.get('id', '')
_user = models.get_user_by_id(_id)
if _user is None:
return render_template('update.html', result='用户信息不存在')
else:
return render_template('update.html', id=_user['id'], username=_user['username'], telephone=_user['telephone'], age=_user['age'])
def user_view():
user = models.get_user_by_id(request.args.get('id', 0))
print user
return render_template('user_view.html',
id=user.get('id', ''),
username=user.get('name', ''),
age=user.get('age', ''))
def updateUser():
_id = request.form.get('id', '')
_user = models.get_user_by_id(_id)
if _user is None:
return render_template('update.html', result='用户信息不存在')
else:
telephone = request.form.get('telephone', '')
age = request.form.get('age', '')
# 检查用户提交的数据
ok, result = models.validate_user_modify(telephone, age)
# 如果检查通过则添加到DB
if ok:
if models.modify_user(_user['id'], telephone, age):
ok = True
result = '更新成功'
else:
ok = False
result = '更新失败'
if ok:
#return redirect('/users/')
return json.dumps({'ok': True})
else:
return json.dumps({'ok': False, 'result': result})
def updateUser():
_id = request.form.get("id", "")
_user = models.get_user_by_id(_id)
if _user is None:
return render_template("update.html", result="用户信息不存在")
else:
telephone = request.form.get("telephone", "")
age = request.form.get("age", "")
# 检查用户提交的数据
ok, result = models.validate_user_modify(telephone, age)
# 如果检查通过则添加到DB
if ok:
if models.modify_user(_user["id"], telephone, age):
ok = True
result = "更新成功"
else:
ok = False
result = "更新失败"
if ok:
return redirect("/users/")
else:
return render_template(
"update.html", result=result, id=_user["id"], username=_user["username"], telephone=telephone, age=age
)
def modifyUser():
_id = request.args.get('id', '')
_user = models.get_user_by_id(_id)
if _user is None:
return render_template('update.html', result='用户信息不存在')
else:
return render_template('update.html', id=_user['id'], username=_user['username'], telephone=_user['telephone'], age=_user['age'])
def get_current_user(cookie_str): user = None if cookie_str: user_id = signup.check_secure_val(cookie_str) if user_id: user = models.get_user_by_id(user_id) return user
def updateUser():
_id = request.form.get('id', '')
_user = models.get_user_by_id(_id)
if _user is None:
return render_template('update.html', result='用户信息不存在')
else:
telephone = request.form.get('telephone', '')
age = request.form.get('age', '')
# 检查用户提交的数据
ok, result = models.validate_user_modify(telephone, age)
# 如果检查通过则添加到DB
if ok:
if models.modify_user(_user['id'], telephone, age):
ok = True
result = '更新成功'
else:
ok = False
result = '更新失败'
if ok:
#return redirect('/users/')
return json.dumps({'ok' : True})
else:
return json.dumps({'ok' : False, 'result' : result})
def user_delete():
uid = request.args.get('id', '')
username = models.get_user_by_id(uid).get('name')
rt = models.user_delete(uid)
if rt:
flash('delete user:%s succeed' % username)
return redirect(url_for('user'))
def get_user(self):
session_string = self.request.cookies.get('user_id')
if session_string:
if utils.valid_cookie_hash(session_string):
session_hash, user_id = session_string.split("|")
user = models.get_user_by_id(int(user_id))
return user
return None
def users_view():
if session.get('user') is None: return redirect('/')
user = models.get_user_by_id(request.args.get('id',0))
return render_template('user_view.html',id=user.get('id',''),\
username=user.get('name',''),age=user.get('age',0),\
department=user.get('department'),sex=user.get('sex'),\
birthday=user.get('birthday'),email=user.get('email'),\
hobby=user.get('hobby'))
def user_view_json():
if session.get('user') is None:
return redirect('/')
params = request.form if 'POST' == request.method else request.args
id = params.get('id',0)
user = models.get_user_by_id(id) #通过id获取用户的信息,再通过模板传给user_view.html,从而在修改页面显示用户的信息
print user
return json.dumps(user)
def modifyUser():
_id = request.args.get("id", "")
_user = models.get_user_by_id(_id)
if _user is None:
return render_template("update.html", result="用户信息不存在")
else:
return render_template(
"update.html", id=_user["id"], username=_user["username"], telephone=_user["telephone"], age=_user["age"]
)
def user_view():
if session.get('user') is None:
return redirect('/')
params = request.form if 'POST' == request.method else request.args
id = params.get('id',0)
user = models.get_user_by_id(id) #通过id获取用户的信息,再通过模板传给user_view.html,从而在修改页面显示用户的信息
print user
return render_template('user_view.html',id = user.get('id',''), username = user.get('name',0), age = user.get('age',0))
def profile(uid):
"""
Return serializable users data
:param uid:
:return String: (JSON)
"""
user = get_user_by_id(uid)
return jsonify(user.serialize)
def remove_profile():
"""
Remove user profile
:return mix:
"""
# get uid
uid = int(session['uid'])
# get user items
items = [item.serialize for item in get_items_by_user(uid)]
# if the user have any items create message
if len(items) > 0:
flash('First remove your cars', 'error')
# get user
user = get_user_by_id(uid)
# get user full name
name = ' '.join([user.first_name, user.last_name])
if request.method == 'POST' and request.form['csrf_token'] == csrf_token:
if len(items) > 0:
return render('users/delete_profile.html',
brands=brands,
csrf_token=csrf_token)
# get absolute path to image
path = ''.join([BASE_DIR, user.picture])
# if file exist remove the image file
if os.path.isfile(path):
os.unlink(path)
# remove user data from database
remove_user(uid)
# remove session
del session['uid']
if 'provider' in session:
del session['provider']
# create success message
flash('Profile "%s" was removed' % name, 'success')
# redirect user to home page
return redirect('/', 302)
return render('users/delete_profile.html',
brands=brands,
csrf_token=csrf_token)
def user_view():
if session.get('user') is None: return redirect('/')
user = models.get_user_by_id(request.args.get('id', 0))
return render_template('user_view.html',id=user.get('id', ''),
username=user.get('name', ''),
department=user.get('department', '2'),
hobby=user.get('hobby', ['basketball', 'pingpong']),
sex=user.get('sex', '1'),
)
def user_view():
if session.get('user') is None:
return redirect('/')
user = models.get_user_by_id(request.args.get('id', 0))
return render_template('user_view.html',
username=user.get('name', ''),
age=user.get('age', ''),
id=user.get('id', ''),
department=user.get('department', ''),
email=user.get('email', ''),
hobby=user.get('hobby', ''),
detail=user.get('detail', ''))
def delete_user(uid):
"""
Remove user's profile
:param uid:
:return string: JSON
"""
user_profile = get_user_by_id(uid)
if user_profile.id != g.user.id:
return jsonify({'error': 'permission denied'}), 403
else:
remove_user(uid)
return jsonify({'message': 'account was removed'}), 200
def edit_profile(uid):
"""
Edit user's data
:param uid:
:return string: JSON
"""
# check if the user is the owner
user_profile = get_user_by_id(uid)
if user_profile.id != g.user.id:
return jsonify({'error': 'permission denied'}), 403
# define user object
user = {
'uid': uid,
'username': clean(request.json.get('username')),
'first_name': clean(request.json.get('first_name')),
'last_name': clean(request.json.get('last_name')),
'email': clean(request.json.get('email')),
}
# validate data
if not user['username']:
return jsonify({'error': 'username can\'t be empty'})
if not user['first_name']:
return jsonify({'error': 'first name can\'t be empty'})
if not user['last_name']:
return jsonify({'error': 'last name can\'t be empty'})
if not user['email']:
return jsonify({'error': 'email can\'t be empty'})
if user_profile.email != user['email'] and email_exist(user['email']):
return jsonify({'error': 'email already registered'})
# update user
update_user(user)
g.user = get_user_by_id(uid)
return jsonify({'message': 'User %s was update!' % g.user.get_full_name})
def edit_car(item_id):
"""
Edit item
:param item_id:
:return mix:
"""
# get user
user = get_user_by_id(session['uid'])
# Get car
car = get_item_by_id(item_id)
# Check the user is the owner
if int(session['uid']) != int(car.author):
flash('You don\'t have permission to edit it.', 'error')
return redirect('/profile', 302)
# Get token
token = user.generate_auth_token(3600)
if request.method == 'POST' and request.form['csrf_token'] == csrf_token:
_car = dict()
# cleaning data
try:
_car['description'] = clean(request.form['description'])
_car['title'] = clean(request.form['title'])
_car['model'] = clean(request.form['model'])
_car['price'] = clean(request.form['price'])
_car['brand'] = clean(request.form['brand'])
_car['author'] = session['uid']
except TypeError:
flash('fields can\'t be empty', 'error')
return render('catalog/new_car.html',
brands=brands,
csrf=csrf_token)
# update car, create success message and redirect user
item = update_item(_car, item_id)
flash('Record "%s" was successfully updated' % item.title, 'success')
return redirect('/profile', 302)
return render('catalog/edit_car.html',
brands=brands,
car=car.serialize,
token=token,
user=user.serialize,
csrf_token=csrf_token)
def user_profile():
"""
Profile page
:return:
"""
user = get_user_by_id(session['uid'])
title = '%s - profile' % user.get_full_name
cars = [item.serialize for item in get_items_by_user(session['uid'])]
print cars
return render('/users/profile.html',
brands=brands,
title=title,
cars=cars,
user=user.serialize)
def edit_user_profile():
"""
Edit user profile
:return mix:
"""
# check if user is logged in
if not session.get('uid'):
return redirect('/login', 302)
# get user
user = get_user_by_id(session['uid'])
# POST request
if request.method == 'POST' and request.form['csrf_token'] == csrf_token:
# cleaning data
try:
_user = dict()
_user['uid'] = int(session['uid'])
_user['username'] = clean(request.form['username'])
_user['first_name'] = clean(request.form['first_name'])
_user['last_name'] = clean(request.form['last_name'])
_user['email'] = clean(request.form['email'])
except TypeError:
flash('Fields can\'t be empty', 'error')
return redirect('/profile', 302)
if email_is_valid(_user['email']):
user = update_user(_user)
full_name = ' '.join([user.first_name, user.last_name])
message = 'Dear %s, your information was updating' % full_name
flash(message, 'success')
return redirect('/profile', 302)
else:
flash('Invalid email', 'error')
return render('users/edit_profile.html',
brands=brands,
user=user,
csrf_token=csrf_token)
return render('users/edit_profile.html',
brands=brands,
token=user.generate_auth_token(3600),
user=user,
csrf_token=csrf_token)
def add_item_images(uid, item_id):
"""
Save item's images
:param uid:
:param item_id:
:return string: JSON
"""
images = list()
# validate numbers
try:
uid = int(uid)
item_id = int(item_id)
except ValueError or TypeError:
return jsonify({'error': "wrong address"})
# get user data
user_profile = get_user_by_id(uid)
# check the user is the owner of the account
if user_profile.id != g.user.id:
return jsonify({'error': 'permission denied'}), 403
# get list of images
upload_images = request.files.getlist('file')
# validate images
if upload_images is []:
return jsonify({'error': "server didn't get any images"}), 206
if len(upload_images) > 10:
return jsonify({'error': "too many images, maximum 10"}), 206
# prepare data for saving
for image in upload_images:
filename = get_path(filename=secure_filename(image.filename),
folder=app.config['UPLOAD_FOLDER'])
abs_path = '%s%s' % (BASE_DIR, filename)
image.save(abs_path)
images.append(filename)
# prepare response
item_images = [item.serialize for item in add_images(images, item_id)]
return jsonify(item_images), 200
def update_session(user):
session['logged_in'] = True
session['username'] = user.email
session['first_name'] = user.fname
session['userid'] = user.userid
user = models.get_user_by_id(session['userid'])
session['userid'] = user.userid
cust = models.get_customer_by_user(user)
chef = models.get_chef_by_user(user)
if (cust):
session['custid'] = cust.customerid
else:
session['custid'] = None
if (chef):
session['chefid'] = chef.chefid
else:
session['chefid'] = None
def edit_photo(uid):
"""
Update user's photo (avatar)
:param uid:
:return string: JSON
"""
# check the user is the owner
user_profile = get_user_by_id(uid)
if user_profile.id != g.user.id:
return jsonify({'error': 'permission denied'}), 403
# check if the post request has the file part
if 'file' not in request.files:
return jsonify({'error': "Server don't get image"}), 206
photo = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if photo.filename == '':
return jsonify({'error': 'No selected file'}), 200
if photo and allowed_file(photo.filename, ALLOWED_EXTENSIONS):
# prepare relative path to the image for database
filename = get_path(filename=secure_filename(photo.filename),
folder=app.config['UPLOAD_FOLDER'])
# prepare absolute path to the image for saving
abs_path = '%s%s' % (BASE_DIR, filename)
# save image
photo.save(abs_path)
# update user data
user = update_user_photo(filename, g.user.id)
return jsonify(user.serialize), 200
else:
return jsonify({'error', "Can't update user photo"}), 200
def verify_password(_login, password):
"""
Verification of password
:param _login:
:param password:
:return bool:
"""
# Try to see if it's a token first
user_id = User.verify_auth_token(_login)
if user_id:
user = get_user_by_id(user_id)
else:
user = get_user_by_email(_login)
if not user:
user = get_user_by_username(_login)
if not user or not user.verify_password(password):
return False
else:
if not user.verify_password(password):
return False
g.user = user
return True
def load_user(user_id):
return models.get_user_by_id(user_id)
def users_view():
if session.get('user') is None: return redirect('/')
user = models.get_user_by_id(request.args.get('id',0))
return render_template('user_view.html',id=user.get('id',''), username=user.get('name',''),age=user.get('age',0))
def users_delete():
user = models.get_user_by_id(request.args.get('id',0))
id=user.get('id','')
models.user_delete(id)
return redirect('/users/')
def get_user(uid):
user = get_user_by_id(uid)
if not user:
abort(400)
return jsonify({'username': user.username})
def account():
form = forms.AccountForm(request.form)
form.country.choices = [(c.countryid, c.countryname)
for c in models.get_all_countries()]
form.chefspec.choices = [(c.cuisineid, c.cuisine_name)
for c in models.get_all_cuisines()]
form.chefspec.choices.append((-1, "Pick a Specialty..."))
#form.custpref.choices = [(c.cuisineid, c.cuisine_name) for c in models.get_all_cuisines()]
# populate form with existing info
user = models.get_user_by_id(session['userid'])
chef = models.get_chef_by_id(session['chefid'])
cust = models.get_customer_by_id(session['custid'])
print form.first_name.data, form.last_name.data
print form.country.data, form.usertype.data
print request.method, form.validate()
if (request.method == 'POST'):
print request.form
# delete chef/cust only options from the form to get through validation
if (not chef):
del form.chefspec
if (not cust):
del form.custpref
if (form.validate()):
print "posting..."
fname = form.first_name.data
lname = form.last_name.data
email = form.email_id.data
passwd = sha256_crypt.encrypt(str(form.password.data))
user_type = form.usertype.data
aptno = form.apartment_no.data
street = form.street.data
city = form.city.data
state = form.state.data
zipcode = int(form.zipcode.data) if form.zipcode.data else None
country = int(form.country.data) if form.country.data else None
phoneno = int(
form.phone_number.data) if form.phone_number.data else None
chefspec = None
reachouts = None
custpref = None
if (chef):
chefspec = int(form.chefspec.data)
reachouts = form.reachouts.data
if (cust):
custpref = form.custpref.data
# update with new info if necessary
r = user.update(fname, lname, email, passwd, user_type, aptno,
street, city, state, zipcode, country, phoneno,
chefspec, reachouts, custpref)
update_session(user)
if (r == 0):
flash(
'User details updated. Visit account page again to see new fields',
'success')
else:
flash('Update failed, check the submitted data for errors',
'danger')
return render_template('account.html',
form=form,
chef=chef,
cust=cust)
else:
flash('Update failed, check the submitted data for errors',
'danger')
return render_template('account.html',
form=form,
chef=chef,
cust=cust)
elif (request.method == 'GET'):
usertype = ""
aptno, street, city, state, zipcode, countryid, phoneno = (None, ) * 7
chefspec = None
custpref = None
reachouts = None
if (chef and cust):
usertype = "both"
aptno = chef.address
street = chef.street
city = chef.city
state = chef.state
zipcode = chef.zipcode
countryid = chef.countryid
phoneno = chef.phone_number
chefspec = chef.get_specialty()
reachouts = chef.get_reachouts_str()
custpref = cust.preference
elif (chef):
usertype = "chef"
aptno = chef.address
street = chef.street
city = chef.city
state = chef.state
zipcode = chef.zipcode
countryid = chef.countryid
phoneno = chef.phone_number
chefspec = chef.get_specialty()
reachouts = chef.get_reachouts_str()
elif (cust):
usertype = "customer"
aptno = cust.address
street = cust.street
city = cust.city
state = cust.state
zipcode = cust.zipcode
countryid = cust.countryid
phoneno = cust.phone_number
custpref = cust.preference
form.first_name.data = user.fname
form.last_name.data = user.lname
form.email_id.data = user.email
form.password.data = None
form.usertype.data = usertype
form.apartment_no.data = aptno
form.street.data = street
form.city.data = city
form.state.data = state
form.zipcode.data = str(zipcode)
form.country.data = countryid
form.phone_number.data = str(phoneno)
form.chefspec.data = chefspec.cuisineid if chefspec else -1
form.reachouts.data = reachouts
form.custpref.data = custpref
if (not chef):
del form.chefspec
del form.reachouts
if (not cust):
del form.custpref
return render_template('account.html', form=form, chef=chef, cust=cust)
flash('Update failed', 'danger')
return render_template('account.html', form=form, chef=chef, cust=cust)
