示例#1
def employeeAuthController():
    """Handle the employee login form for the back office.

    An already logged-in employee is redirected to the back office. On a
    POST that carries both ``username`` and ``password`` fields, the
    password is hashed and looked up together with the login; an active
    match is stored in the session and redirected, anything else re-renders
    the login template with an error message.
    """
    if 'employee' in session:
        return redirect(url_for('backoffice'))

    errorString = ''
    credentialsPosted = (
        request.method == 'POST'
        and 'username' in request.form
        and 'password' in request.form
    )

    if credentialsPosted:
        username = request.form['username']
        password = request.form['password']

        if not (username and password):
            errorString = "Please insert username and password"
        else:
            # NOTE(review): unsalted, single-pass SHA-256 is cheap to
            # brute-force if the employee collection leaks. Moving to a
            # salted, slow KDF (e.g. werkzeug.security's
            # generate_password_hash / check_password_hash) requires
            # migrating the stored hashes and every writer of this field.
            passwordDigest = hashlib.sha256(
                password.encode()).hexdigest().upper()
            matchedEmployee = Employee.objects(login=username,
                                               password=passwordDigest).first()
            if not matchedEmployee:
                errorString = "Wrong data, unable to execute login"
            elif matchedEmployee.active == 1:
                # NOTE(review): the whole document, password hash included,
                # is placed in the session. With Flask's default
                # client-side (signed, not encrypted) cookie session the
                # user could read it -- confirm the session backend, or
                # store only the id and role flags.
                # NOTE(review): the session is not cleared/regenerated
                # before login, and no throttling of failed attempts is
                # visible in this function.
                session['employee'] = matchedEmployee
                return redirect(url_for('backoffice'))
            else:
                errorString = "Your account is not active"

    return render_template('auth/login_employee.html', errorString=errorString)
示例#2
    def get(self):
        """Return employees (or lecturers) as JSON, optionally per department.

        Query parameters read from the request:
            department_slug: when present, restricts the result to the
                department with that slug.
            job: when equal to 'lecturer', Lecturer documents are returned
                instead of Employee documents.
        """
        dept_slug = request.args.get('department_slug')
        wants_lecturers = request.args.get('job') == 'lecturer'

        if not dept_slug:
            employees = Lecturer.objects if wants_lecturers else Employee.objects
        else:
            # NOTE(review): an unknown slug yields dept=None, so the filter
            # below becomes department=None rather than an empty result or
            # a 404 -- confirm that is intended.
            dept = Department.objects(slug=dept_slug).first()
            document_cls = Lecturer if wants_lecturers else Employee
            employees = document_cls.objects(department=dept)

        # NOTE(review): to_json() is called on the unrestricted queryset; if
        # the model holds fields that should not leave the server
        # (credentials, private contact data), restrict the projection here.
        # No access check is visible in this method.
        body = employees.to_json()
        return body, 200, {'Content-type': 'application/json'}
示例#3
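 def post(self):
     """Create a ResearchArticle from the JSON body and link known authors.

     The body is read with request.get_json() and must provide 'title',
     'publisher', 'authors' (comma-separated "First Last" names),
     'status' and 'cover_date' (YYYY-MM-DD). Each author name is matched
     against Employee first_name_en / last_name_en; names without a
     matching employee are left out of article.authors, while the raw
     string is still stored in author_list.

     Returns:
         The JSON response produced by jsonify(data="success").

     Raises:
         KeyError / TypeError / ValueError: when the body is missing, a
         required key is absent, or cover_date does not parse. These are
         not handled here.
     """
     # NOTE(review): the payload is client-controlled and none of the
     # fields are validated before being stored; no authentication check
     # is visible in this method -- confirm it is enforced elsewhere.
     data = request.get_json()
     authors = data['authors'].split(',')
     cdate = datetime.strptime(data['cover_date'], '%Y-%m-%d')
     article = ResearchArticle(title=data['title'],
                                 publisher=data['publisher'],
                                 author_list=data['authors'],
                                 status=data['status'],
                                 cover_date=cdate
                               )
     article_authors = []
     for au in authors:
         # split() with no argument already ignores surrounding whitespace.
         name_parts = au.split()
         if len(name_parts) != 2:
             # An empty entry (trailing comma) or a name that is not exactly
             # "First Last" used to raise ValueError on unpacking and abort
             # the whole request; skip it like any other unmatched author.
             continue
         fname, lname = name_parts
         # Both values come from str.split(), so they are always plain
         # strings and cannot smuggle query operators into the raw filter.
         e = Employee.objects(__raw__={'first_name_en': fname, 'last_name_en': lname}).first()
         if e:
             article_authors.append(e)
     article.authors = article_authors
     article.save()
     return jsonify(data="success")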
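def employeeController(action=None,resourceId=None):
    """Back-office controller that lists, adds, edits and deletes employees.

    Args:
        action: 'add', 'edit' or 'delete'; any other value (including
            None) renders the employee list.
        resourceId: string form of the target Employee ObjectId. Required
            for 'edit' and 'delete'.

    Returns:
        A redirect to the back-office login when no employee is in the
        session or a non-super-admin calls without a resourceId; the 404
        template for an invalid, unknown, missing or forbidden id; a
        redirect to the edit page after a successful save; otherwise the
        rendered list or add/edit template.
    """

    #keep non-logged users outside
    if ('employee' not in session):
        return redirect(url_for('backoffice_auth'))

    # NOTE(review): every authorization decision below relies on the copy
    # of the employee stored in the session at login. A later change to
    # 'active' or 'superAdmin' in the database is not seen until the
    # session is replaced -- confirm that is acceptable.
    if not session['employee']['superAdmin'] and not resourceId:
        return redirect(url_for('backoffice_auth'))

    #check resourceId validity
    employeeData = None

    if resourceId:
        if ObjectId.is_valid(str(resourceId)):
            # Authorize before touching the record: a non-super-admin may
            # only edit their own document.
            if not session['employee']['superAdmin'] and not (action == 'edit' and resourceId == session['employee']['_id']['$oid']):
                return render_template('404.html',errorString="Cannot access this area")
            employeeData = Employee.objects(id=ObjectId(str(resourceId))).first()
            if not employeeData:
                return render_template('404.html',errorString="This Employee does not exist")
        else:
            return render_template('404.html',errorString="This EmployeeId is not valid")
    elif action in ('edit', 'delete'):
        # Without an id, 'edit' dereferenced employeeData (None) and
        # 'delete' built ObjectId('None'); both ended in an unhandled
        # exception. Reject the request explicitly instead.
        return render_template('404.html',errorString="This EmployeeId is not valid")

    errorString = ''
    employeeList = []
    evaluatedEmployee = None
    parkingList = []
    validationErrors = []
    pageTitle = ""

    #switch action cases (add,edit,delete,list)
    if action == 'add' or action == 'edit':

        pageTitle = "Add Employee" if action == "add" else "Edit Employee"
        templatePath = 'employees/add.html'

        if request.method == 'POST' and ('submit' in request.form):

            #validate username
            if 'login' in request.form:
                if not request.form['login']:
                    validationErrors.append("Field username is empty")
                else:
                    if len(request.form['login']) < 5:
                        validationErrors.append("Username field should be min. 5 chars")
                    if action == 'add':
                        if len(Employee.objects(login=request.form['login'])) > 0:
                            validationErrors.append("The username you've choose already exists")
                    else:
                        # On edit, the employee's current login does not
                        # count as a collision.
                        if len(Employee.objects(login=request.form['login'],login__ne=employeeData.login)) > 0:
                            validationErrors.append("The username you've choose already exists")
            else:
                validationErrors.append("Missing field username in request")

            #validate name
            if 'name' in request.form:
                if not request.form['name']:
                    validationErrors.append("Field name is empty")
            else:
                validationErrors.append("Missing field name in request")

            #validate password
            if 'password' in request.form:
                if not request.form['password']:
                    if(action == 'edit'):
                        passwordHash = employeeData.password #keep old password
                    else:
                        validationErrors.append("Field password is empty")
                else:
                    if len(request.form['password']) < 8:
                        validationErrors.append("Password field should be min. 8 chars")
                    else:
                        # NOTE(review): unsalted single-pass SHA-256 is
                        # cheap to brute-force if the collection leaks.
                        # Switching to a salted, slow KDF has to be done
                        # together with the login check and a migration
                        # of the stored hashes.
                        passwordHash = hashlib.sha256(request.form['password'].encode()).hexdigest().upper()#make new hash
            else:
                validationErrors.append("Missing field password in request")

            active = 0
            superAdmin = 0

            # int() raises ValueError on non-numeric input; report that as
            # a validation error instead of an unhandled exception.
            try:
                if 'active' in request.form:
                    active = int(request.form['active']) == 1
                if 'superAdmin' in request.form:
                    superAdmin = int(request.form['superAdmin']) == 1
            except ValueError:
                validationErrors.append("Fields active and superAdmin must be numeric")

            #validate parking
            if not (action == 'edit' and resourceId and not session['employee']['superAdmin'] and str(session['employee']['_id']['$oid']) == resourceId):
                if 'relatedParking' in request.form:
                    if request.form['relatedParking'] and ObjectId.is_valid(str(request.form['relatedParking'])):
                        if not Parking.objects(id=ObjectId(str(request.form['relatedParking']))).first():
                            validationErrors.append("The parking you are referencing is not existing")
                        else:
                            relatedParking = str(request.form['relatedParking'])
                    else:
                        validationErrors.append("The parking you are referencing is not valid")
                else:
                    validationErrors.append("Missing parking reference in request")
            else:
                # A non-super-admin editing their own record cannot change
                # parking, active or superAdmin: the submitted values are
                # discarded in favour of the ones held in the session.
                relatedParking = session['employee']['relatedParking']['$oid']
                active = session['employee']['active']
                superAdmin = session['employee']['superAdmin']

            if len(validationErrors) == 0:
                #save
                if action == 'add':
                    result = Employee(name = request.form['name'],
                                  login = request.form['login'],
                                  password = passwordHash,
                                  relatedParking = ObjectId(str(relatedParking)),
                                  active = active,
                                  superAdmin = superAdmin
                                  ).save()
                    if result:
                        lastEmployee = Employee.objects(login=request.form['login']).first()
                        return redirect(url_for('employees',action='edit',resourceId=lastEmployee.id))
                    else:
                        validationErrors.append("Unable to write this record")
                else:
                    Employee.objects(id=ObjectId(str(resourceId))).update(name = request.form['name'],
                                  login = request.form['login'],
                                  password = passwordHash,
                                  relatedParking = ObjectId(str(relatedParking)),
                                  active = active,
                                  superAdmin = superAdmin
                                  )
                    return redirect(url_for('employees',action='edit',resourceId=resourceId))
            else:
                errorString ='|'.join(validationErrors)

    elif action == 'delete':
        pageTitle = "Employees"
        templatePath = 'employees/list.html'
        # NOTE(review): this branch checks neither the HTTP method nor an
        # anti-CSRF token, so the record is deleted by whatever request
        # the route accepts -- confirm the route is POST-only and
        # CSRF-protected.
        Employee.objects(id=ObjectId(str(resourceId))).delete()
        employeeList = Employee.objects().order_by('name')

    else:
        pageTitle = "Employees"
        templatePath = 'employees/list.html'
        employeeList = Employee.objects().order_by('name')

    parkingList = Parking.objects().order_by('name')

    # NOTE(review): employeeData and employeeList are full documents,
    # password hashes included; make sure the templates never render them.
    return render_template(
        templatePath,
        pageTitle=pageTitle,
        employee=session['employee'],
        userType='employee',
        errorString=errorString,
        evaluatedEmployee=evaluatedEmployee,
        employeeList=employeeList,
        parkingList=parkingList,
        employeeData=employeeData,
        action=action,
        resourceId=resourceId
        )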
示例#5
 def get(self, employee_id):
     """Return, as JSON, the research articles authored by one employee.

     Args:
         employee_id: id used to look up the Employee document.
     """
     # NOTE(review): an unknown id gives author=None, so the filter below
     # becomes authors=None instead of producing a 404 -- confirm that is
     # intended. No access check is visible in this method.
     author = Employee.objects(id=employee_id).first()
     payload = ResearchArticle.objects(authors=author).to_json()
     return payload, 200, {'Content-type': 'application/json'}
示例#6
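 def get(self, employee_id):
     """Serve the stored photo of the employee identified by employee_id.

     Args:
         employee_id: id used to look up the Employee document.

     Returns:
         A response carrying the photo bytes with the stored content type,
         or a 404 response when the employee or the photo does not exist.
     """
     emp = Employee.objects(id=employee_id).first()
     if emp is None:
         # Previously an unknown id failed with AttributeError on emp.photo.
         return make_response('Employee not found', 404)

     photo = emp.photo
     content = photo.read()
     if content is None:
         # presumably read() returns None when no file is attached -- confirm
         return make_response('Photo not found', 404)

     response = make_response(content)
     # NOTE(review): the content type is echoed back exactly as stored. If
     # the upload path accepts a client-chosen type, restrict it to an
     # allow-list of image types there and consider sending
     # X-Content-Type-Options: nosniff with this response.
     response.mimetype = photo.content_type
     return response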
示例#7
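 def get(self, employee_id):
     """Return one employee as JSON.

     Args:
         employee_id: id used to look up the Employee document.

     Returns:
         (body, status, headers): the document's JSON with status 200, or
         an empty JSON object with status 404 when no employee matches.
     """
     json_headers = {'Content-type': 'application/json'}
     emp = Employee.objects(id=employee_id).first()
     if emp is None:
         # Previously an unknown id failed with AttributeError on None.
         return '{}', 404, json_headers
     # NOTE(review): to_json() serialises the whole document; if the model
     # stores credentials or other private fields, exclude them before
     # returning. No access check is visible in this method.
     return emp.to_json(), 200, json_headers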
示例#8
def retrive(request):
    """Render the employees whose email equals the posted 'email' field.

    Args:
        request: the incoming request; request.POST['email'] is read
            directly, so a request without that field raises a KeyError
            subclass instead of rendering the page.
    """
    # NOTE(review): no login or permission check is visible here, so this
    # view lets any caller test whether an email address belongs to an
    # employee -- confirm access is restricted by a decorator or
    # middleware.
    matchingEmployees = Employee.objects(email=request.POST['email'])
    return render(request, 'testApp/employ.html',
                  {'employList': matchingEmployees})